CVE-2025-31650

Source
Severity High
Remote Yes
Type Denial of service
Description
Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request, which created a memory leak. A large number of such requests could trigger an OutOfMemoryException, resulting in a denial of service.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2889 | tomcat9 | 9.0.100-1 | | High | Vulnerable | |
| AVG-2888 | tomcat10 | 10.1.40-1 | | High | Vulnerable | |
References
https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826
https://nvd.nist.gov/vuln/detail/cve-2025-31650