Threats Tagged 'cve-2024-29857'

Red Hat JBoss Enterprise Application Platform 8. 0. 3 includes multiple security fixes addressing vulnerabilities such as SSRF in Apache CXF, a timing attack variant in BouncyCastle, resource allocation issues in Netty, infinite loops in ED25519 verification, and denial of service via crafted EC certificates. These vulnerabilities affect the Java application platform based on WildFly runtime and have been rated with an overall security impact of Important by Red Hat. The update replaces version 8. 0. 2 and includes bug fixes and enhancements alongside security patches. No known exploits in the wild have been reported at this time.

Red Hat JBoss Enterprise Application Platform 8. 0. 3 includes multiple security fixes addressing vulnerabilities such as SSRF in Apache CXF, resource allocation issues in Netty, and several cryptographic flaws in BouncyCastle. These vulnerabilities could lead to denial of service, timing attacks, or server-side request forgery. The update replaces version 8. 0. 2 and is rated with an important security impact by Red Hat. No known exploits in the wild have been reported at this time.

Red Hat JBoss Enterprise Application Platform 8. 0. 3 includes multiple security fixes addressing vulnerabilities such as SSRF in Apache CXF, resource allocation issues in Netty, timing attacks and denial of service in BouncyCastle cryptographic libraries, and infinite loops during ED25519 verification. These vulnerabilities affect the platform's core components and cryptographic operations. The update replaces version 8. 0. 2 and is rated as having an important security impact by Red Hat. No known exploits in the wild have been reported. Users are advised to apply the update following Red Hat's guidance to mitigate these issues.

Red Hat JBoss Enterprise Application Platform 7. 4. 18 includes multiple security fixes addressing vulnerabilities such as remote memory denial of service (DoS), timing attacks on cryptographic libraries, infinite loops causing DoS, and resource allocation issues. These vulnerabilities affect components including Undertow, BouncyCastle, Netty, and HTTP/2 handling. The update replaces version 7. 4. 17 and is rated with an Important security impact by Red Hat. No CVSS scores are provided in the advisory, but the overall severity is high. The vendor has released this update to remediate the identified issues.

Red Hat JBoss Enterprise Application Platform 7. 4. 18 addresses multiple security vulnerabilities affecting components such as Undertow, BouncyCastle, Netty, and HTTP/2 handling. These vulnerabilities include remote memory denial of service (DoS) attacks, infinite loops causing DoS, resource allocation without limits, and timing attacks on cryptographic operations. The update replaces version 7. 4. 17 and includes fixes for seven CVEs, including CVE-2024-3653. Red Hat has released this update as an important security advisory and recommends applying it after ensuring all previous errata are installed and backing up existing installations.

Red Hat JBoss Enterprise Application Platform 7. 4. 18 includes multiple security fixes addressing vulnerabilities such as remote memory denial of service (DoS) via the LearningPushHandler, timing attacks on BouncyCastle cryptographic library, infinite loops causing DoS in cryptographic verification, and HTTP/2 CONTINUATION frame DoS. These issues affect components like undertow, BouncyCastle, netty-codec-http, and httpd within the platform. The update replaces version 7. 4. 17 and provides important security improvements to mitigate these vulnerabilities.

Red Hat JBoss Enterprise Application Platform 7. 4. 18 includes multiple security fixes addressing vulnerabilities such as remote memory denial of service (DoS), timing attacks, infinite loops, and resource allocation issues. These vulnerabilities affect components like undertow, BouncyCastle cryptographic libraries, netty-codec-http, and HTTP/2 handling. The update replaces version 7. 4. 17 and provides important security improvements. Users are advised to apply this update after ensuring all prior errata are installed and backing up their systems.

Red Hat has released an update for Red Hat Build of Apache Camel 4. 4 for Quarkus 3. 8 (RHBQ 3. 8. 5. GA) addressing three vulnerabilities in the BouncyCastle cryptographic library. These include a denial of service via crafted EC certificate parameters (CVE-2024-29857), an infinite loop in ED25519 signature verification (CVE-2024-30172), and a timing attack variant of Bleichenbacher's attack (CVE-2024-30171). The update aims to improve security and stability. No known exploits are reported in the wild. The advisory classifies the severity as moderate and recommends applying the update after backing up existing installations.