CVE-2025-55163
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-11-04
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netty | netty | Up to 4.1.124 (exc) |
| netty | netty | From 4.2.0 (inc) to 4.2.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-55163, known as the "MadeYouReset" vulnerability, is a logical flaw in the HTTP/2 protocol affecting Netty versions prior to 4.1.124.Final and 4.2.4.Final. It exploits malformed HTTP/2 control frames to bypass the maximum concurrent streams limit by triggering server-sent RST_STREAM frames. This causes the server to incorrectly count active streams, allowing an attacker to create an unbounded number of concurrent streams on a single connection. The result is resource exhaustion on the server, leading to a distributed denial of service (DDoS) condition. [1]
How can this vulnerability impact me?
This vulnerability can cause resource exhaustion on affected servers, leading to CPU overload and/or memory exhaustion. As a result, the server may become unresponsive or crash, causing a denial of service. This can disrupt normal operations, degrade performance, and potentially cause downtime for services relying on the vulnerable Netty HTTP/2 implementation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP/2 traffic for abnormal patterns of malformed control frames that trigger server RST_STREAM responses, such as WINDOW_UPDATE frames with zero or excessively large increments, HEADERS or DATA frames on half-closed streams with END_STREAM flags, and PRIORITY frames with incorrect lengths. Network packet capture tools like tcpdump or Wireshark can be used to capture HTTP/2 traffic. For example, using tcpdump to capture HTTP/2 traffic on port 443: `tcpdump -i <interface> -w capture.pcap port 443` followed by analysis in Wireshark to filter for HTTP/2 frames and inspect for the triggering primitives described. Additionally, monitoring server logs for excessive RST_STREAM frames sent by the server or unusual stream reset rates can help detect exploitation attempts. [1]
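The following script is an added example, not part of this record or of the Netty project. It parses the client-to-server frames of one HTTP/2 connection (after the connection preface) and flags the three trigger shapes named above: WINDOW_UPDATE frames with a zero increment or one that pushes the flow-control window past 2^31-1, DATA or HEADERS frames on a stream the client already half-closed with END_STREAM, and PRIORITY frames whose payload length is not 5. The sample byte stream at the bottom is constructed for the demonstration; in practice the input would be the reassembled TLS-decrypted stream exported from a capture such as the one the tcpdump command produces.

```python
"""
Offline detector for the HTTP/2 control-frame primitives that the record above
lists as triggers for server-sent RST_STREAM frames (MadeYouReset).

Added example code, not from the advisory or the Netty project.  Frame layout
follows RFC 9113: a 9-byte header (24-bit length, 8-bit type, 8-bit flags,
1 reserved bit + 31-bit stream id) followed by the payload.
"""
import struct
from dataclasses import dataclass

# HTTP/2 frame type codes (RFC 9113, section 6)
DATA, HEADERS, PRIORITY, RST_STREAM, WINDOW_UPDATE = 0x0, 0x1, 0x2, 0x3, 0x8
END_STREAM = 0x1            # flag bit valid on DATA and HEADERS
MAX_WINDOW = 2**31 - 1      # flow-control window upper bound
INITIAL_WINDOW = 65535      # default initial window size
HEADER_LEN = 9


@dataclass
class Frame:
    length: int
    type: int
    flags: int
    stream_id: int
    payload: bytes


def parse_frames(data: bytes):
    """Yield Frame objects from a raw HTTP/2 byte stream (connection preface removed)."""
    off = 0
    while off + HEADER_LEN <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = struct.unpack(">I", data[off + 5:off + 9])[0] & 0x7FFFFFFF
        payload = data[off + HEADER_LEN:off + HEADER_LEN + length]
        if len(payload) != length:
            break  # truncated capture; stop rather than misparse
        yield Frame(length, ftype, flags, stream_id, payload)
        off += HEADER_LEN + length


def find_reset_triggers(data: bytes):
    """Return a list of (frame_index, reason) for client frames matching the primitives."""
    findings = []
    half_closed = set()               # streams on which the client already sent END_STREAM
    windows = {0: INITIAL_WINDOW}     # per-stream flow-control windows (0 = connection)
    for i, f in enumerate(parse_frames(data)):
        if f.type == WINDOW_UPDATE:
            if f.length != 4:
                findings.append((i, f"WINDOW_UPDATE with length {f.length} on stream {f.stream_id}"))
                continue
            inc = struct.unpack(">I", f.payload)[0] & 0x7FFFFFFF
            if inc == 0:
                findings.append((i, f"WINDOW_UPDATE increment 0 on stream {f.stream_id}"))
            else:
                windows[f.stream_id] = windows.get(f.stream_id, INITIAL_WINDOW) + inc
                if windows[f.stream_id] > MAX_WINDOW:
                    findings.append((i, f"WINDOW_UPDATE overflows window on stream {f.stream_id}"))
        elif f.type == PRIORITY:
            if f.length != 5:
                findings.append((i, f"PRIORITY with length {f.length} on stream {f.stream_id}"))
        elif f.type in (DATA, HEADERS):
            if f.stream_id in half_closed:
                name = "DATA" if f.type == DATA else "HEADERS"
                findings.append((i, f"{name} on half-closed stream {f.stream_id}"))
            if f.flags & END_STREAM:
                half_closed.add(f.stream_id)
    return findings


def frame(ftype: int, flags: int, stream_id: int, payload: bytes = b"") -> bytes:
    """Assemble one HTTP/2 frame; used only to build the constructed sample below."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + struct.pack(">I", stream_id) + payload)


# Constructed client->server stream: one ordinary request, one benign window
# update, then the trigger shapes described in the record (indices in comments).
SAMPLE = b"".join([
    frame(HEADERS, END_STREAM, 1, b"\x82"),                      # 0: normal request, stream 1 half-closed
    frame(WINDOW_UPDATE, 0, 0, struct.pack(">I", 1024)),         # 1: benign connection window update
    frame(WINDOW_UPDATE, 0, 0, struct.pack(">I", 0)),            # 2: zero increment
    frame(PRIORITY, 0, 3, b"\x00\x00\x00\x00"),                  # 3: PRIORITY with 4-byte payload
    frame(DATA, END_STREAM, 1, b"x"),                            # 4: DATA on half-closed stream 1
    frame(WINDOW_UPDATE, 0, 0, struct.pack(">I", MAX_WINDOW)),   # 5: pushes window past 2^31-1
])

if __name__ == "__main__":
    for idx, reason in find_reset_triggers(SAMPLE):
        print(f"frame {idx}: {reason}")
```

The detector is intentionally per-connection and stateful: the half-closed check needs to remember which streams the client already ended, and the window check needs the running total rather than a single frame's increment. A single malformed frame is not proof of exploitation, so in monitoring the useful signal is the count of such frames per connection paired with the server's RST_STREAM rate on the same connection.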
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Netty to versions 4.1.124.Final or 4.2.4.Final or later, where the vulnerability is patched. Additionally, implement rate limiting on the number of RST_STREAM frames sent by the server and control frames sent by clients (such as WINDOW_UPDATE and PRIORITY frames). Treat protocol flow errors as connection errors to prevent exploitation. These mitigations help prevent resource exhaustion caused by the MadeYouReset attack. [1]
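As an added illustration of the rate-limiting mitigation (example code, not Netty's own fix), the class below keeps a sliding-window count of rate-limited events per connection, whether server-emitted RST_STREAM frames or client control frames such as WINDOW_UPDATE and PRIORITY, and reports when a connection exceeds its budget so the caller can treat it as a connection error and close it. The thresholds and the constructed timestamp sequences are assumptions chosen for the demonstration.

```python
"""
Sliding-window limiter for HTTP/2 control-frame events on one connection.

Added example code, not the Netty project's implementation.  The idea matches
the mitigation described above: once a connection has sent or provoked more
RST_STREAM / WINDOW_UPDATE / PRIORITY events than allowed within the window,
stop treating each one as a recoverable stream error and escalate to a
connection error (GOAWAY and close).
"""
from collections import deque


class ControlFrameLimiter:
    def __init__(self, max_events: int, window_seconds: float):
        self.max_events = max_events          # assumed budget per window
        self.window = window_seconds          # assumed window length in seconds
        self._events: dict[str, deque] = {}   # connection id -> event timestamps

    def record(self, conn_id: str, now: float) -> bool:
        """Record one event at time `now`.

        Returns True while the connection is within budget and False once the
        number of events inside the trailing window exceeds max_events, at which
        point the caller should treat the condition as a connection error.
        """
        q = self._events.setdefault(conn_id, deque())
        q.append(now)
        cutoff = now - self.window
        while q and q[0] < cutoff:      # drop events that fell out of the window
            q.popleft()
        return len(q) <= self.max_events

    def forget(self, conn_id: str) -> None:
        """Release state when the connection closes."""
        self._events.pop(conn_id, None)


def first_violation(limiter: ControlFrameLimiter, conn_id: str, timestamps):
    """Feed a constructed sequence of event times; return the index of the first
    event that breaks the budget, or None if the connection stays within it."""
    for i, t in enumerate(timestamps):
        if not limiter.record(conn_id, t):
            return i
    return None


if __name__ == "__main__":
    limiter = ControlFrameLimiter(max_events=10, window_seconds=1.0)
    # Constructed: 30 resets 10 ms apart trips the budget on the 11th event.
    print(first_violation(limiter, "conn-A", [i * 0.01 for i in range(30)]))
    # Constructed: 30 resets 200 ms apart never exceed 10 per second.
    print(first_violation(limiter, "conn-B", [i * 0.2 for i in range(30)]))
```

The limiter is deliberately separate from frame parsing: the server already knows when it is about to emit RST_STREAM or has just received a control frame, so the hook point is that decision rather than a packet capture. Sizing the budget is the practical question; a legitimate client resets few streams per second, so a modest ceiling with a short window rarely affects normal traffic while bounding the work a single connection can force.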