MeldSecurity
Press Enter to search
CVE Database & Search โ†’
Sign In Get Started

CVE-2025-8671

๐Ÿ”ด HIGH

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource cons...

Published
Aug 13, 2025
Last Modified
Aug 17, 2025
Views
8
Bookmarks
0

Description

Request Expert Review

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and then rapidly triggering the server to reset themโ€”using malformed frames or flow control errorsโ€”an attacker can exploit incorrect stream accounting. Streams reset by the server are considered closed at the protocol level, even though backend processing continues. This allows a client to cause the server to handle an unbounded number of concurrent streams on a single connection. This CVE will be updated as affected product details are released.

CVSS Scores

CVSS 3.1 7.5
7.5
HIGH
CVSS 2.0 7.5

References

galbarnahum.com github.com github.com gitlab.isc.org kb.cert.org support2.windriver.com varnish-cache.org www.fastlystatus.com www.suse.com deepness-lab.org github.com github.com github.com www.imperva.com gitlab.isc.org

Additional Information

Source
cret@cert.org
State
Awaiting analysis

Related CVEs

CVE-2025-62689

HIGH

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master bra...

Score: 7.5

CVE-2025-59777

HIGH

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master bra...

Score: 7.5

CVE-2025-12932

MEDIUM

A vulnerability was determined in SourceCodester Baby Care System 1.0. Affected by this issue is some unknown functionality of the file /admin.php?id=...

Score: 4.7

CVE-2025-12931

MEDIUM

A vulnerability was found in SourceCodester Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/...

Score: 6.3

CVE-2025-12613

HIGH

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing...

Score: 8.6

CVE-2025-12930

MEDIUM

A vulnerability has been found in SourceCodester Food Ordering System 1.0. Affected is an unknown function of the file /view-ticket.php. The manipulat...

Score: 6.3

Share CVE-2025-8671

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-8671 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis