CVE-2025-59348
BaseFortify
Publication date: 2025-09-17
Last updated on: 2025-09-18
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linuxfoundation | dragonfly | versions before 2.1.0 (2.1.0 itself not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-457 | The code uses a variable that has not been initialized, leading to unpredictable or unintended results. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Dragonfly, an open source P2P file distribution system, exists because the processPieceFromSource method does not update the usedTraffic field correctly: an uninitialized variable 'n' is used instead of the actual result.Size value, so the usedTraffic metadata remains unchanged while a task is processed. Rate limiting is therefore applied incorrectly, which can lead to a denial-of-service condition for the peer processing the task. The issue is fixed in version 2.1.0.
How can this vulnerability impact me?
The vulnerability can cause a denial-of-service condition for peers in the Dragonfly system because rate limiting is not applied correctly. This means that affected peers may become overwhelmed or unable to process tasks properly, potentially disrupting file distribution and image acceleration services relying on Dragonfly.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Dragonfly to version 2.1.0 or later. That release contains the fix for the incorrect usedTraffic accounting, so rate limiting is applied as intended and the denial-of-service condition is prevented.
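The accounting defect described in the first answer above, shown as an added illustration in Go (Dragonfly's implementation language); this is a constructed reconstruction, not Dragonfly's own code, and the PieceResult and Task types, the OverLimit check and the Run helper are assumptions made for the example. It contrasts a buggy method that adds a never-assigned variable n with the corrected method that adds result.Size, and shows why a traffic-based limit can never trip under the buggy accounting.

```go
package main

import "fmt"

// PieceResult models the outcome of fetching one piece from the source
// (a constructed stand-in, not Dragonfly's own type).
type PieceResult struct {
	Size int64
}

// Task carries per-task metadata; usedTraffic is the counter the advisory
// says the buggy code left unchanged.
type Task struct {
	usedTraffic int64
}

// processPieceBuggy mirrors the defect: a variable n that is never assigned
// is added to usedTraffic instead of result.Size, so the counter stays at 0.
func processPieceBuggy(t *Task, result PieceResult) {
	var n int64 // never assigned, so it keeps its zero value
	t.usedTraffic += n
}

// processPieceFixed accounts the bytes that were actually fetched.
func processPieceFixed(t *Task, result PieceResult) {
	t.usedTraffic += result.Size
}

// OverLimit is the kind of check a traffic-based rate limiter makes (assumed
// shape); with the buggy accounting it can never become true.
func OverLimit(t *Task, limit int64) bool {
	return t.usedTraffic > limit
}

// Run feeds the given piece sizes through fn on a fresh task and returns the
// resulting usedTraffic.
func Run(fn func(*Task, PieceResult), sizes []int64) int64 {
	t := &Task{}
	for _, s := range sizes {
		fn(t, PieceResult{Size: s})
	}
	return t.usedTraffic
}

func main() {
	sizes := []int64{4096, 8192, 16384} // constructed piece sizes
	fmt.Println("buggy usedTraffic:", Run(processPieceBuggy, sizes)) // 0
	fmt.Println("fixed usedTraffic:", Run(processPieceFixed, sizes)) // 28672
}
```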