vulnerability
Red Hat: CVE-2025-5399: curl: libcurl: WebSocket endless loop (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:N/A:P) | Jun 7, 2025 | Jul 17, 2025 | Sep 18, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published
Jun 7, 2025
Added
Jul 17, 2025
Modified
Sep 18, 2025
Description
Due to a mistake in libcurl's WebSocket code, a malicious server can send a
particularly crafted packet which makes libcurl get trapped in an endless
busy-loop.
There is no other way for the application to escape or exit this loop other
than killing the thread/process.
This might be used to DoS libcurl-using application.
Solutions
no-fix-redhat-rpm-packageredhat-upgrade-mecab-0-996redhat-upgrade-mecab-debuginfo-0-996redhat-upgrade-mecab-debugsource-0-996redhat-upgrade-mecab-devel-0-996redhat-upgrade-mecab-ipadic-2-7-0-20070801redhat-upgrade-mecab-ipadic-eucjp-2-7-0-20070801redhat-upgrade-mysql-8-4-6redhat-upgrade-mysql-common-8-4-6redhat-upgrade-mysql-debuginfo-8-4-6redhat-upgrade-mysql-debugsource-8-4-6redhat-upgrade-mysql-devel-8-4-6redhat-upgrade-mysql-devel-debuginfo-8-4-6redhat-upgrade-mysql-errmsg-8-4-6redhat-upgrade-mysql-libs-8-4-6redhat-upgrade-mysql-libs-debuginfo-8-4-6redhat-upgrade-mysql-server-8-4-6redhat-upgrade-mysql-server-debuginfo-8-4-6redhat-upgrade-mysql-test-8-4-6redhat-upgrade-mysql-test-data-8-4-6redhat-upgrade-mysql-test-debuginfo-8-4-6redhat-upgrade-rapidjson-devel-1-1-0redhat-upgrade-rapidjson-doc-1-1-0
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.