Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless

APPLICATION

07-06-2025 05:20

CVE-2025-5399 Vulnerabilidad documentada

Sin puntuación

Tags

#web

#using

#server

#application

#malicious

#dos

Descripción

Due to a mistake in libcurl's WebSocket code, malicious server can send a particularly crafted packet which makes libcurl get trapped an endless busy-loop. There is no other way for the application escape or exit this loop other than killing thread/process. This might be used DoS libcurl-using application.

https://curl.se/docs/CVE-2025-5399.html

https://curl.se/docs/CVE-2025-5399.json

https://hackerone.com/reports/3168039

http://www.openwall.com/lists/oss-security/2025/06/04/2

Referencia

CVE-2025-5399.

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2025-5399

Resultados similares

Coincidentes en almenos en 50% de los tags

07-06-2025
Malicious npm packages posing as utilities delete project directories Two malicious packages ha...
Ver información

05-06-2025 CVE-2025-27754
A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The ...
Ver información