CVE-2024-8447

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-8447

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-8447.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-8447

Aliases

GHSA-qq9f-q439-2574

Downstream

RHSA-2025:3357

Published

2025-01-02T20:19:29.671Z

Modified

2026-06-18T03:55:50.305737384Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Narayana: deadlock via multiple join requests sent to lra coordinator

Details

A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of service.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/8xxx/CVE-2024-8447.json",
    "cwe_ids": [
        "CWE-833"
    ],
    "cna_assigner": "redhat"
}

References

Affected packages

Git / github.com/jbosstm/narayana

Affected ranges

Type

GIT

Repo

https://github.com/jbosstm/narayana

Events

Introduced

Fixed

ab602708a6dddad5ef4e6ffa8fa1637c6ac926aa

Database specific

{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.1.0.Final"
        }
    ]
}

Affected versions

4.*

4.17.0.Final

5.*

5.0.0.CR1

5.0.0.CR2

5.0.0.Final

5.0.0.M2

5.0.0.M3

5.0.0.M4

5.0.0.M5

5.0.0.M6

5.0.0.M7

5.0.0.M8

5.0.1.Final

5.0.2.Final

5.0.3.Final

5.0.4.Final

5.1.0.Final

5.1.1.Final

5.10.0.Final

5.10.1.Final

5.10.3.Final

5.10.4.Final

5.10.5.Final

5.10.6.Final

5.11.0.Final

5.11.1.Final

5.11.2.Final

5.12.0.Final

5.12.1.Final

5.12.2.Final

5.12.3.Final

5.12.4.Final

5.12.5.Final

5.12.6.Final

5.12.7.Final

5.13.0.Final

5.13.1.Alpha1

5.13.1.Final

5.2.0.Final

5.2.10.Final

5.2.11.Final

5.2.12.Final

5.2.14.Final

5.2.2.Final

5.2.3.Final

5.2.4.Final

5.2.5.Final

5.2.6.Final

5.2.7.Final

5.2.8.Final

5.2.9.Final

5.3.0.Final

5.3.1.Final

5.3.2.Final

5.3.3.Final

5.3.4.Final

5.3.5.Final

5.4.0.Final

5.5.0.Final

5.5.1.Final

5.5.2.Final

5.5.3.Final

5.5.4.Final

5.5.5.Final

5.6.1.Final

5.6.2.Final

5.6.3.Final

5.6.4.Final

5.7.0.Final

5.7.1.Final

5.9.1.Final

5.9.2.Final

5.9.3.Final

5.9.4.Final

5.9.5.Final

5.9.6.Final

5.9.7.Final

5.9.8.Final

6.*

6.0.0.CR1

6.0.0.Final

6.0.1.Final

7.*

7.0.0.Final

7.0.1.Final

7.0.2.Final

Other

svn-r37839

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-8447.json"