CVE-2025-55181

Medium CVSS: 5.3

Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuicCoroSession which blocks the backing event loop and unconditionally appends data to a std::vector per-loop iteration. This issue leads to unbounded memory growth and eventually causes the process to run out of memory.

Vendor

Facebook

Product

Proxygen

CWE

CWE-834

Yayın Tarihi

2025-12-02 22:16:08

Güncelleme

2025-12-19 18:02:26

Source Identifier

cve-assign@fb.com

KEV Date Added

Kategoriler

CWE-834 Proxygen MEDIUM Facebook 2025

Referanslar

https://github.com/facebook/proxygen/commit/17689399ef99b7c3d3a8b2b768b1dba1a4b72f8f https://www.facebook.com/security/advisories/cve-2025-55181

Benzer Kayıtlar

High

CVE-2026-23864

Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-ser…

High

CVE-2025-67779

It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a den…

Medium

CVE-2025-55183

An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 1…

High

CVE-2025-55184

A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 1…

Critical

CVE-2025-55182

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1…

Medium

CVE-2025-27591

A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writabl…