Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2025-5399 - log back

CVE-2025-5399 edited at 05 Jun 2025 00:09:59

Description

	Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop.

-	There is no other way for the application to escape or exit this loop other than killing the thread/process.
+	There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS libcurl-using application.
-
-	This might be used to DoS libcurl-using application.

CVE-2025-5399 created at 05 Jun 2025 00:09:36

Severity

+

Low

Remote

+

Remote

Type

+	Denial of service

Description

+	Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop.
+
+	There is no other way for the application to escape or exit this loop other than killing the thread/process.
+
+	This might be used to DoS libcurl-using application.

References

+	https://curl.se/docs/CVE-2025-5399.html
+	https://github.com/curl/curl/commit/d1145df24de8f80e6b16

Notes