vulnerability
Red Hat JBossEAP: Uncontrolled Resource Consumption (CVE-2024-47535)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | 2024-11-12 | 2025-03-10 | 2025-05-08 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
2024-11-12
Added
2025-03-10
Modified
2025-05-08
Description
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.. A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CVE-2024-47535
- https://attackerkb.com/topics/CVE-2024-47535
- URL-https://access.redhat.com/security/cve/CVE-2024-47535
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=2325538
- URL-https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3
- URL-https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv
- URL-https://access.redhat.com/errata/RHSA-2025:3357
- URL-https://access.redhat.com/errata/RHSA-2025:3358
- URL-https://access.redhat.com/errata/RHSA-2025:3465
- URL-https://access.redhat.com/errata/RHSA-2025:3467
- URL-https://access.redhat.com/errata/RHSA-2025:4548
- URL-https://access.redhat.com/errata/RHSA-2025:4549
- URL-https://access.redhat.com/errata/RHSA-2025:4550
- URL-https://access.redhat.com/errata/RHSA-2025:4552
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.