216.73.216.133

CVE-2025-5399

· Published 07/06/2025 08:15 · Modified 07/06/2025 08:15

Labels: CVE-2025-5399 2025-06-072499f714-1537-4658-8207-48ae4bb9eae9CVE-2025-5399

Essential information

Published
07/06/2025 08:15
Modified
07/06/2025 08:15
Author
Creator
CISA KEV
No
CWE

Description

Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS libcurl-using application.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
2499f714-1537-4658-8207-48ae4bb9eae9
NVD
View on NVD

Affected products (CPE)

ProductCPE
curl / libcurl cpe:2.3:a:curl:libcurl:*:*:*:*:*:*:*:*

References