CVE-2025-8671
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-11-04
Assigner: CERT/CC
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| powerdns | dnsdist | 1.9.1 |
| powerdns | dnsdist | 1.9.0 |
| varnish | varnish_cache | 6.0 |
| varnish | varnish_cache | 5.x |
| varnish | varnish_cache | 7.6.4 |
| varnish | varnish_cache | 6.0.x |
| varnish | varnish_cache | 7.x |
| varnish | varnish_cache | 6.0.15 |
| varnish | varnish_cache | 6.0.14r5 |
| varnish | varnish_cache | 7.7.2 |
| h2o | h2o | * |
| varnish | varnish_cache | 6.x |
| varnish | varnish_cache | 6.0.14 |
| powerdns | dnsdist | 2.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability arises from a mismatch between HTTP/2 specifications and some HTTP/2 implementations' internal architectures. Specifically, when a client triggers server-sent stream resets rapidly (using malformed frames or flow control errors), the server incorrectly accounts for streams. Although the protocol considers reset streams closed, the server continues backend processing, allowing an attacker to cause the server to handle an unlimited number of concurrent streams on a single connection.
How can this vulnerability impact me?
The vulnerability can lead to excessive consumption of server resources, resulting in a denial-of-service (DoS) condition. An attacker exploiting this can overwhelm the server by causing it to process an unbounded number of concurrent streams, potentially making the service unavailable to legitimate users.
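The accounting mismatch described above can be seen in a small model. This is an added example, not code from this page or from any affected project: it compares a server that frees a stream slot as soon as it sends a reset with one that counts backend work and caps server-sent resets. The limits, class and function names are assumptions, and backend jobs are assumed not to finish during the burst.

```python
from dataclasses import dataclass

MAX_CONCURRENT_STREAMS = 100  # assumed advertised stream limit
MAX_SERVER_RESETS = 20        # assumed budget of server-sent resets per connection


@dataclass
class Connection:
    """Constructed model of one HTTP/2 connection's stream accounting."""
    hardened: bool
    open_streams: int = 0   # streams the protocol layer counts against the limit
    backend_jobs: int = 0   # requests the backend is still processing
    server_resets: int = 0  # RST_STREAM frames sent by the server
    closed: bool = False

    def new_request(self) -> bool:
        """Client opens a stream; False means refused."""
        # Hardened: a slot stays occupied until the backend work is gone.
        in_use = self.backend_jobs if self.hardened else self.open_streams
        if self.closed or in_use >= MAX_CONCURRENT_STREAMS:
            return False
        self.open_streams += 1
        self.backend_jobs += 1
        return True

    def stream_error(self) -> None:
        """A stream error makes the server reset the newest open stream."""
        if self.closed or self.open_streams == 0:
            return
        self.open_streams -= 1   # protocol view: the stream is closed
        self.server_resets += 1  # backend_jobs unchanged: the work carries on
        if self.hardened and self.server_resets > MAX_SERVER_RESETS:
            self.closed = True   # too many forced resets: drop the connection


def simulate(hardened: bool, cycles: int) -> Connection:
    """Run `cycles` open-then-error rounds; no backend job finishes meanwhile."""
    conn = Connection(hardened)
    for _ in range(cycles):
        if conn.new_request():
            conn.stream_error()
    return conn


if __name__ == "__main__":
    for mode in (False, True):
        c = simulate(mode, 1000)
        print(f"hardened={mode}: backend_jobs={c.backend_jobs} "
              f"open_streams={c.open_streams} closed={c.closed}")
```

In the unhardened model the protocol-level stream count stays at zero while backend work grows with every round, which is why a per-connection stream limit alone does not bound the load.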