cvelistv5 - cve-2024-8447

CVE-2024-8447 (GCVE-0-2024-8447)

Vulnerability from cvelistv5

Published

2025-01-02 20:19

Modified

2025-08-30 22:54

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-833 - Deadlock

Summary

A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of service.

References

URL

rhsa-2025:3358

Vulnerability from csaf_redhat

Published

2025-03-27 16:47

Modified

2025-10-10 00:17

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.6 security update

Notes

Topic

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is an update for Red Hat JBoss Enterprise Application Platform 8.0. See Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * org.jboss.narayana-narayana-all: deadlock via multiple join requests sent to LRA Coordinator [eap-8.0.z] (CVE-2024-8447) * io.netty/netty: Denial of Service attack on windows app using Netty [eap-8.0.z] (CVE-2024-47535) * io.netty/netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine [eap-8.0.z] (CVE-2025-24970) * netty-common: Denial of Service attack on windows app using Netty [eap-8.0.z] (CVE-2025-25193) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is an update for Red Hat JBoss Enterprise Application Platform 8.0. See Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* org.jboss.narayana-narayana-all: deadlock via multiple join requests sent to LRA Coordinator [eap-8.0.z] (CVE-2024-8447)\n\n* io.netty/netty: Denial of Service attack on windows app using Netty [eap-8.0.z] (CVE-2024-47535)\n\n* io.netty/netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine [eap-8.0.z] (CVE-2025-24970)\n\n* netty-common: Denial of Service attack on windows app using Netty [eap-8.0.z] (CVE-2025-25193)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:3358",
        "url": "https://access.redhat.com/errata/RHSA-2025:3358"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/articles/7109353",
        "url": "https://access.redhat.com/articles/7109353"
      },
      {
        "category": "external",
        "summary": "2325538",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325538"
      },
      {
        "category": "external",
        "summary": "2335206",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2335206"
      },
      {
        "category": "external",
        "summary": "2344787",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344787"
      },
      {
        "category": "external",
        "summary": "2344788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344788"
      },
      {
        "category": "external",
        "summary": "JBEAP-29540",
        "url": "https://issues.redhat.com/browse/JBEAP-29540"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3358.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.6 security update",
    "tracking": {
      "current_release_date": "2025-10-10T00:17:59+00:00",
      "generator": {
        "date": "2025-10-10T00:17:59+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2025:3358",
      "initial_release_date": "2025-03-27T16:47:04+00:00",
      "revision_history": [
        {
          "date": "2025-03-27T16:47:04+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-03-27T16:47:04+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-10T00:17:59+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 8",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 8",
                  "product_id": "Red Hat JBoss Enterprise Application Platform 8",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-8447",
      "cwe": {
        "id": "CWE-833",
        "name": "Deadlock"
      },
      "discovery_date": "2025-01-01T22:41:50.788000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2335206"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "narayana: deadlock via multiple join requests sent to LRA Coordinator",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-8447"
        },
        {
          "category": "external",
          "summary": "RHBZ#2335206",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2335206"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-8447",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-8447"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-8447",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8447"
        },
        {
          "category": "external",
          "summary": "https://github.com/jbosstm/narayana/pull/2293",
          "url": "https://github.com/jbosstm/narayana/pull/2293"
        }
      ],
      "release_date": "2024-09-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-03-27T16:47:04+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:3358"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "narayana: deadlock via multiple join requests sent to LRA Coordinator"
    },
    {
      "cve": "CVE-2024-47535",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-11-12T16:01:18.772613+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2325538"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: Denial of Service attack on windows app using Netty",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-47535"
        },
        {
          "category": "external",
          "summary": "RHBZ#2325538",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325538"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-47535",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47535",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47535"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
          "url": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv"
        }
      ],
      "release_date": "2024-11-12T15:50:08.334000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-03-27T16:47:04+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:3358"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty: Denial of Service attack on windows app using Netty"
    },
    {
      "cve": "CVE-2025-24970",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2025-02-10T23:00:52.785132+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2344787"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty\u0027s SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "io.netty:netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability in Netty\u0027s SslHandler is of important severity rather than moderate because it directly impacts the stability and reliability of applications using native SSLEngine. By sending a specially crafted packet, an attacker can trigger a native crash, leading to a complete process termination. Unlike typical moderate vulnerabilities that might cause limited disruptions or require specific conditions, this flaw can be exploited remotely to induce a Denial of Service (DoS), affecting high-availability systems and mission-critical services.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-24970"
        },
        {
          "category": "external",
          "summary": "RHBZ#2344787",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344787"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-24970",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4",
          "url": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw"
        }
      ],
      "release_date": "2025-02-10T21:57:28.730000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-03-27T16:47:04+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:3358"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 8"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "io.netty:netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine"
    },
    {
      "cve": "CVE-2025-25193",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2025-02-10T23:00:54.794769+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2344788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty. An unsafe reading of the environment file could cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: Denial of Service attack on windows app using Netty",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue only affects Windows environments, therefore, this would affect an environment when running a supported Red Hat JBoss EAP 7 or 8, for example, if running on Windows.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-25193"
        },
        {
          "category": "external",
          "summary": "RHBZ#2344788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-25193",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386",
          "url": "https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx"
        }
      ],
      "release_date": "2025-02-10T22:02:17.197000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-03-27T16:47:04+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 8"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:3358"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation is available for this vulnerability.",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 8"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 8"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty: Denial of Service attack on windows app using Netty"
    }
  ]
}

rhsa-2025:3357

Vulnerability from csaf_redhat

Published

2025-03-27 16:42

Modified

2025-10-10 00:17

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.6 security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is an update for Red Hat JBoss Enterprise Application Platform 8.0. See Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* org.jboss.narayana-narayana-all: deadlock via multiple join requests sent to LRA Coordinator [eap-8.0.z] (CVE-2024-8447)\n\n* io.netty/netty: Denial of Service attack on windows app using Netty [eap-8.0.z] (CVE-2024-47535)\n\n* io.netty/netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine [eap-8.0.z] (CVE-2025-24970)\n\n* netty-common: Denial of Service attack on windows app using Netty [eap-8.0.z] (CVE-2025-25193)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:3357",
        "url": "https://access.redhat.com/errata/RHSA-2025:3357"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/articles/7109353",
        "url": "https://access.redhat.com/articles/7109353"
      },
      {
        "category": "external",
        "summary": "2325538",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325538"
      },
      {
        "category": "external",
        "summary": "2335206",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2335206"
      },
      {
        "category": "external",
        "summary": "2344787",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344787"
      },
      {
        "category": "external",
        "summary": "2344788",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344788"
      },
      {
        "category": "external",
        "summary": "JBEAP-29540",
        "url": "https://issues.redhat.com/browse/JBEAP-29540"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3357.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.6 security update",
    "tracking": {
      "current_release_date": "2025-10-10T00:17:58+00:00",
      "generator": {
        "date": "2025-10-10T00:17:58+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2025:3357",
      "initial_release_date": "2025-03-27T16:42:38+00:00",
      "revision_history": [
        {
          "date": "2025-03-27T16:42:38+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-03-27T16:42:38+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-10T00:17:58+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss EAP 8.0 for RHEL 9",
                "product": {
                  "name": "Red Hat JBoss EAP 8.0 for RHEL 9",
                  "product_id": "9Base-JBEAP-8.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss EAP 8.0 for RHEL 8",
                "product": {
                  "name": "Red Hat JBoss EAP 8.0 for RHEL 8",
                  "product_id": "8Base-JBEAP-8.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
                "product": {
                  "name": "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
                  "product_id": "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty@4.1.119-1.Final_redhat_00002.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
                "product": {
                  "name": "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
                  "product_id": "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-transport-native-epoll@4.1.119-1.Final_redhat_00002.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.src",
                  "product_id": "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@800.6.1-1.GA_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.src",
                "product": {
                  "name": "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.src",
                  "product_id": "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-slf4j@2.0.16-2.redhat_00003.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.src",
                "product": {
                  "name": "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.src",
                  "product_id": "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly@8.0.6-15.GA_redhat_00009.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
                "product": {
                  "name": "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
                  "product_id": "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty@4.1.119-1.Final_redhat_00002.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
                "product": {
                  "name": "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
                  "product_id": "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-transport-native-epoll@4.1.119-1.Final_redhat_00002.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.src",
                  "product_id": "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@800.6.1-1.GA_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.src",
                "product": {
                  "name": "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.src",
                  "product_id": "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-slf4j@2.0.16-2.redhat_00003.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.src",
                "product": {
                  "name": "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.src",
                  "product_id": "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly@8.0.6-15.GA_redhat_00009.1.el8eap?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty@4.1.119-1.Final_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-buffer@4.1.119-1.Final_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-codec@4.1.119-1.Final_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-codec-dns@4.1.119-1.Final_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-codec-http@4.1.119-1.Final_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-codec-socks@4.1.119-1.Final_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-common@4.1.119-1.Final_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-handler@4.1.119-1.Final_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-handler-proxy@4.1.119-1.Final_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-resolver@4.1.119-1.Final_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-resolver-dns@4.1.119-1.Final_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-transport@4.1.119-1.Final_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-transport-classes-epoll@4.1.119-1.Final_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                "product": {
                  "name": "eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_id": "eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-transport-native-unix-common@4.1.119-1.Final_redhat_00002.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@800.6.1-1.GA_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-eap-product-conf-wildfly-ee-feature-pack@800.6.1-1.GA_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
                "product": {
                  "name": "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
                  "product_id": "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-slf4j@2.0.16-2.redhat_00003.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
                "product": {
                  "name": "eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
                  "product_id": "eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-slf4j-api@2.0.16-2.redhat_00003.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
                "product": {
                  "name": "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
                  "product_id": "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly@8.0.6-15.GA_redhat_00009.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
                "product": {
                  "name": "eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
                  "product_id": "eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk11@8.0.6-15.GA_redhat_00009.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
                "product": {
                  "name": "eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
                  "product_id": "eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk17@8.0.6-15.GA_redhat_00009.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
                "product": {
                  "name": "eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
                  "product_id": "eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk21@8.0.6-15.GA_redhat_00009.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
                "product": {
                  "name": "eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
                  "product_id": "eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-modules@8.0.6-15.GA_redhat_00009.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty@4.1.119-1.Final_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-buffer@4.1.119-1.Final_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-codec@4.1.119-1.Final_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-codec-dns@4.1.119-1.Final_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-codec-http@4.1.119-1.Final_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-codec-socks@4.1.119-1.Final_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-common@4.1.119-1.Final_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-handler@4.1.119-1.Final_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-handler-proxy@4.1.119-1.Final_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-resolver@4.1.119-1.Final_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-resolver-dns@4.1.119-1.Final_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-transport@4.1.119-1.Final_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-transport-classes-epoll@4.1.119-1.Final_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-transport-native-unix-common@4.1.119-1.Final_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@800.6.1-1.GA_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-eap-product-conf-wildfly-ee-feature-pack@800.6.1-1.GA_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
                "product": {
                  "name": "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
                  "product_id": "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-slf4j@2.0.16-2.redhat_00003.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
                "product": {
                  "name": "eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
                  "product_id": "eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-slf4j-api@2.0.16-2.redhat_00003.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly@8.0.6-15.GA_redhat_00009.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk11@8.0.6-15.GA_redhat_00009.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk17@8.0.6-15.GA_redhat_00009.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk21@8.0.6-15.GA_redhat_00009.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-modules@8.0.6-15.GA_redhat_00009.1.el8eap?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
                "product": {
                  "name": "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
                  "product_id": "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-transport-native-epoll@4.1.119-1.Final_redhat_00002.1.el9eap?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
                "product": {
                  "name": "eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
                  "product_id": "eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-transport-native-epoll-debuginfo@4.1.119-1.Final_redhat_00002.1.el9eap?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
                "product": {
                  "name": "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
                  "product_id": "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-transport-native-epoll@4.1.119-1.Final_redhat_00002.1.el8eap?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
                "product": {
                  "name": "eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
                  "product_id": "eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-transport-native-epoll-debuginfo@4.1.119-1.Final_redhat_00002.1.el8eap?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.src"
        },
        "product_reference": "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.src"
        },
        "product_reference": "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64"
        },
        "product_reference": "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64"
        },
        "product_reference": "eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.noarch"
        },
        "product_reference": "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.src"
        },
        "product_reference": "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el8eap.noarch"
        },
        "product_reference": "eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.src"
        },
        "product_reference": "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
          "product_id": "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.src"
        },
        "product_reference": "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.src"
        },
        "product_reference": "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64"
        },
        "product_reference": "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64"
        },
        "product_reference": "eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch"
        },
        "product_reference": "eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.noarch"
        },
        "product_reference": "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.src"
        },
        "product_reference": "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el9eap.noarch"
        },
        "product_reference": "eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch"
        },
        "product_reference": "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.src"
        },
        "product_reference": "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch"
        },
        "product_reference": "eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch"
        },
        "product_reference": "eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch"
        },
        "product_reference": "eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
          "product_id": "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch"
        },
        "product_reference": "eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-8.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-8447",
      "cwe": {
        "id": "CWE-833",
        "name": "Deadlock"
      },
      "discovery_date": "2025-01-01T22:41:50.788000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2335206"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "narayana: deadlock via multiple join requests sent to LRA Coordinator",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
          "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
          "8Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
          "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
          "9Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-8447"
        },
        {
          "category": "external",
          "summary": "RHBZ#2335206",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2335206"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-8447",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-8447"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-8447",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8447"
        },
        {
          "category": "external",
          "summary": "https://github.com/jbosstm/narayana/pull/2293",
          "url": "https://github.com/jbosstm/narayana/pull/2293"
        }
      ],
      "release_date": "2024-09-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-03-27T16:42:38+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:3357"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "narayana: deadlock via multiple join requests sent to LRA Coordinator"
    },
    {
      "cve": "CVE-2024-47535",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2024-11-12T16:01:18.772613+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2325538"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: Denial of Service attack on windows app using Netty",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
          "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
          "8Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
          "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
          "9Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-47535"
        },
        {
          "category": "external",
          "summary": "RHBZ#2325538",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325538"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-47535",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47535",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47535"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3",
          "url": "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv"
        }
      ],
      "release_date": "2024-11-12T15:50:08.334000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-03-27T16:42:38+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:3357"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty: Denial of Service attack on windows app using Netty"
    },
    {
      "cve": "CVE-2025-24970",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2025-02-10T23:00:52.785132+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2344787"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty\u0027s SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "io.netty:netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability in Netty\u0027s SslHandler is of important severity rather than moderate because it directly impacts the stability and reliability of applications using native SSLEngine. By sending a specially crafted packet, an attacker can trigger a native crash, leading to a complete process termination. Unlike typical moderate vulnerabilities that might cause limited disruptions or require specific conditions, this flaw can be exploited remotely to induce a Denial of Service (DoS), affecting high-availability systems and mission-critical services.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
          "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
          "8Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
          "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
          "9Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-24970"
        },
        {
          "category": "external",
          "summary": "RHBZ#2344787",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344787"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-24970",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4",
          "url": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw"
        }
      ],
      "release_date": "2025-02-10T21:57:28.730000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-03-27T16:42:38+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:3357"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "io.netty:netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine"
    },
    {
      "cve": "CVE-2025-25193",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2025-02-10T23:00:54.794769+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2344788"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty. An unsafe reading of the environment file could cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: Denial of Service attack on windows app using Netty",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue only affects Windows environments, therefore, this would affect an environment when running a supported Red Hat JBoss EAP 7 or 8, for example, if running on Windows.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
          "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
          "8Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.src",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
          "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
          "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
          "9Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.src",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
          "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-25193"
        },
        {
          "category": "external",
          "summary": "RHBZ#2344788",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344788"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-25193",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386",
          "url": "https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx"
        }
      ],
      "release_date": "2025-02-10T22:02:17.197000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-03-27T16:42:38+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:3357"
        },
        {
          "category": "workaround",
          "details": "Currently, no mitigation is available for this vulnerability.",
          "product_ids": [
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el8eap.x86_64",
            "8Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap.src",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el8eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.6.1-1.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-netty-buffer-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-http-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-codec-socks-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-handler-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-handler-proxy-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-resolver-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-resolver-dns-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-classes-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-epoll-debuginfo-0:4.1.119-1.Final_redhat_00002.1.el9eap.x86_64",
            "9Base-JBEAP-8.0:eap8-netty-transport-native-unix-common-0:4.1.119-1.Final_redhat_00002.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.16-2.redhat_00003.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap.src",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch",
            "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.6-15.GA_redhat_00009.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty: Denial of Service attack on windows app using Netty"
    }
  ]
}

rhsa-2025:7620

Vulnerability from csaf_redhat

Published

2025-05-14 16:05

Modified

2025-10-08 15:26

Summary

Red Hat Security Advisory: JBoss EAP XP 5.0 Update 2.0 release. See references for release notes.

Notes

Topic

JBoss EAP XP 5.0 Update 2.0 release. See references for release notes.

Details

JBoss EAP XP 5.0 Update 2.0 GA release. See references for release notes. Security Fix(es): * org.jboss.narayana-narayana-all: deadlock via multiple join requests sent to LRA Coordinator (CVE-2024-8447) * com.google.protobuf/protobuf-java: StackOverflow vulnerability in Protocol Buffers (CVE-2024-7254) * org.jboss.eap-jboss-eap-xp: StackOverflow vulnerability in Protocol Buffers (CVE-2024-7254) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "JBoss EAP XP 5.0 Update 2.0 release. See references for release notes.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "JBoss EAP XP 5.0 Update 2.0 GA release. See references for release notes.\n\nSecurity Fix(es):\n\n* org.jboss.narayana-narayana-all: deadlock via multiple join requests sent to LRA Coordinator (CVE-2024-8447)\n* com.google.protobuf/protobuf-java: StackOverflow vulnerability in Protocol Buffers (CVE-2024-7254)\n* org.jboss.eap-jboss-eap-xp: StackOverflow vulnerability in Protocol Buffers (CVE-2024-7254)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:7620",
        "url": "https://access.redhat.com/errata/RHSA-2025:7620"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2313454",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313454"
      },
      {
        "category": "external",
        "summary": "2335206",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2335206"
      },
      {
        "category": "external",
        "summary": "JBEAP-26539",
        "url": "https://issues.redhat.com/browse/JBEAP-26539"
      },
      {
        "category": "external",
        "summary": "JBEAP-27340",
        "url": "https://issues.redhat.com/browse/JBEAP-27340"
      },
      {
        "category": "external",
        "summary": "JBEAP-27477",
        "url": "https://issues.redhat.com/browse/JBEAP-27477"
      },
      {
        "category": "external",
        "summary": "JBEAP-28933",
        "url": "https://issues.redhat.com/browse/JBEAP-28933"
      },
      {
        "category": "external",
        "summary": "JBEAP-29471",
        "url": "https://issues.redhat.com/browse/JBEAP-29471"
      },
      {
        "category": "external",
        "summary": "JBEAP-29737",
        "url": "https://issues.redhat.com/browse/JBEAP-29737"
      },
      {
        "category": "external",
        "summary": "JBEAP-29738",
        "url": "https://issues.redhat.com/browse/JBEAP-29738"
      },
      {
        "category": "external",
        "summary": "JBEAP-30007",
        "url": "https://issues.redhat.com/browse/JBEAP-30007"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_7620.json"
      }
    ],
    "title": "Red Hat Security Advisory: JBoss EAP XP 5.0 Update 2.0 release. See references for release notes.",
    "tracking": {
      "current_release_date": "2025-10-08T15:26:08+00:00",
      "generator": {
        "date": "2025-10-08T15:26:08+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2025:7620",
      "initial_release_date": "2025-05-14T16:05:43+00:00",
      "revision_history": [
        {
          "date": "2025-05-14T16:05:43+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-05-14T16:05:43+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-08T15:26:08+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss EAP XP 5.0 Update 2.0",
                "product": {
                  "name": "Red Hat JBoss EAP XP 5.0 Update 2.0",
                  "product_id": "Red Hat JBoss EAP XP 5.0 Update 2.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-7254",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2024-09-19T01:20:29.981665+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2313454"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "protobuf: StackOverflow vulnerability in Protocol Buffers",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack\u0027s capacity, causing the application to crash or become unresponsive.\n\nThe protobuf package as shipped in RHEL does not include the affected java or kotlin bindings, therefore RHEL is Not Affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss EAP XP 5.0 Update 2.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-7254"
        },
        {
          "category": "external",
          "summary": "RHBZ#2313454",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313454"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-7254",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254"
        },
        {
          "category": "external",
          "summary": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa",
          "url": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa"
        }
      ],
      "release_date": "2024-09-19T01:15:10.963000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-05-14T16:05:43+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0/html/jboss_eap_xp_5.0_upgrade_and_migration_guide",
          "product_ids": [
            "Red Hat JBoss EAP XP 5.0 Update 2.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:7620"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat JBoss EAP XP 5.0 Update 2.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss EAP XP 5.0 Update 2.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "protobuf: StackOverflow vulnerability in Protocol Buffers"
    },
    {
      "cve": "CVE-2024-8447",
      "cwe": {
        "id": "CWE-833",
        "name": "Deadlock"
      },
      "discovery_date": "2025-01-01T22:41:50.788000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2335206"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "narayana: deadlock via multiple join requests sent to LRA Coordinator",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss EAP XP 5.0 Update 2.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-8447"
        },
        {
          "category": "external",
          "summary": "RHBZ#2335206",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2335206"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-8447",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-8447"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-8447",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8447"
        },
        {
          "category": "external",
          "summary": "https://github.com/jbosstm/narayana/pull/2293",
          "url": "https://github.com/jbosstm/narayana/pull/2293"
        }
      ],
      "release_date": "2024-09-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-05-14T16:05:43+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0/html/jboss_eap_xp_5.0_upgrade_and_migration_guide",
          "product_ids": [
            "Red Hat JBoss EAP XP 5.0 Update 2.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:7620"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss EAP XP 5.0 Update 2.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "narayana: deadlock via multiple join requests sent to LRA Coordinator"
    }
  ]
}

ghsa-qq9f-q439-2574

Vulnerability from github

Published

2025-01-02 21:31

Modified

2025-05-15 00:30

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Narayana deadlock via multiple join requests sent to LRA Coordinator

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jboss.narayana.rts:lra-coordinator-jar"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.1.0.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-8447"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-833"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-01-02T22:05:33Z",
    "nvd_published_at": "2025-01-02T21:15:10Z",
    "severity": "MODERATE"
  },
  "details": "A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of service.",
  "id": "GHSA-qq9f-q439-2574",
  "modified": "2025-05-15T00:30:26Z",
  "published": "2025-01-02T21:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8447"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jbosstm/narayana/pull/2293"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jbosstm/narayana/commit/eb778412de230afc4687a2df43641280494156c5"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:3357"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:3358"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:7620"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8447"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2335206"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jbosstm/narayana"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Narayana deadlock via multiple join requests sent to LRA Coordinator"
}

fkie_cve-2024-8447

Vulnerability from fkie_nvd

Published

2025-01-02 21:15

Modified

2025-05-14 23:15

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:3357
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:3358
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:7620
	secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2024-8447
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2335206
	secalert@redhat.com	https://github.com/jbosstm/narayana/pull/2293

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of service."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema de seguridad en LRA Coordinator component de Narayana. Cuando se llama a Cancel en LRA, se produce un tiempo de ejecuci\u00f3n de aproximadamente 2 segundos. Si se llama a Join con el mismo ID de LRA dentro de ese per\u00edodo de tiempo, la aplicaci\u00f3n puede bloquearse o bloquearse indefinidamente, lo que genera una denegaci\u00f3n de servicio."
    }
  ],
  "id": "CVE-2024-8447",
  "lastModified": "2025-05-14T23:15:47.753",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-01-02T21:15:10.303",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:3357"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:3358"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:7620"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8447"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2335206"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/jbosstm/narayana/pull/2293"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-833"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-8447 (GCVE-0-2024-8447)

Vulnerability from cvelistv5

rhsa-2025:3358

Vulnerability from csaf_redhat

rhsa-2025:3357

Vulnerability from csaf_redhat

rhsa-2025:7620

Vulnerability from csaf_redhat

ghsa-qq9f-q439-2574

Vulnerability from github

fkie_cve-2024-8447

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature