A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of service.
The product contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat JBoss Enterprise Application Platform 8 | RedHat | org.jboss.narayana-narayana-all | * |
| Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | RedHat | eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap | * |
| Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | RedHat | eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap | * |
| Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | RedHat | eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap | * |
| Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | RedHat | eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap | * |
| Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | RedHat | eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap | * |
| Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | RedHat | eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap | * |
| Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | RedHat | eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap | * |
| Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | RedHat | eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap | * |
| Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | RedHat | eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap | * |
| Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | RedHat | eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap | * |