CVE-2025-63655
BaseFortify
Publication date: 2026-01-29
Last updated on: 2026-02-13
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| monkey-project | monkey | to 1.8.5 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves a NULL pointer dereference in the mk_http_range_parse function of the Monkey HTTP server. Specifically, if an attacker sends a crafted HTTP request with a malformed Range header (e.g., containing a null character followed by a dash and equal sign in a certain order), it causes the server to dereference a null pointer, leading to a segmentation fault and crashing the server (Denial of Service). [1]
How can this vulnerability impact me?
The vulnerability can cause a Denial of Service (DoS) by crashing the Monkey HTTP server when it processes a specially crafted HTTP request. This means an attacker can disrupt the availability of the server, making it unavailable to legitimate users. Additionally, related issues in the same codebase may allow for more severe impacts like remote code execution, but this specific vulnerability leads to server crashes. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for HTTP requests containing malformed Range headers, specifically those starting with "bytes" followed by a null character and containing a dash before an equal sign (e.g., `Range: bytes\0-=`). Additionally, detection can involve checking for unusually long URLs starting with a slash followed by a null character that exceed 1024 bytes. Commands to detect such attempts could include using network packet capture tools like tcpdump or Wireshark with filters for suspicious Range headers or malformed URLs. For example, using tcpdump on plaintext HTTP: `tcpdump -A -s 0 -l 'tcp port 80' | grep -a -i 'Range:'` to print the captured payload lines that carry a Range header. However, no specific commands are provided in the resources. [1]
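The two request patterns described above, as an added Python example that is not part of the original page or of the Monkey project: it checks raw request bytes for a NUL byte in a Range value, a dash that precedes the equals sign, and a request target that starts with `/\0` and exceeds 1024 bytes. The function name, the finding labels and the sample requests are constructed for illustration, and the NUL check is applied to the whole Range value, which is slightly broader than the exact string quoted above.

```python
"""Added example: flag the request patterns described above in raw HTTP bytes."""
MAX_URL = 1024  # URL length threshold stated in the text above


def inspect_request(raw: bytes) -> list:
    """Return finding labels (hypothetical names) for one raw HTTP request."""
    findings = []
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")

    # Request line: METHOD SP target SP version
    parts = lines[0].split(b" ")
    target = parts[1] if len(parts) >= 2 else b""
    if target.startswith(b"/\x00") and len(target) > MAX_URL:
        findings.append("long-url-with-nul")

    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep or name.strip().lower() != b"range":
            continue
        value = value.strip(b" \t")
        # A NUL byte never belongs in a header value.
        if b"\x00" in value:
            findings.append("range-nul-byte")
        # Well-formed values put "=" before any "-" (bytes=0-499, bytes=-500).
        dash, eq = value.find(b"-"), value.find(b"=")
        if dash != -1 and eq != -1 and dash < eq:
            findings.append("range-dash-before-equals")
    return findings


# Constructed sample requests, not captured traffic.
SAMPLES = {
    "normal": b"GET /index.html HTTP/1.1\r\nHost: a\r\nRange: bytes=0-499\r\n\r\n",
    "malformed": b"GET / HTTP/1.1\r\nHost: a\r\nrAnGe: bytes\x00-=\r\n\r\n",
    "long_url": b"GET /\x00" + b"A" * 1100 + b" HTTP/1.1\r\nHost: a\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, inspect_request(raw))
```

The same function can be run over request heads exported from a proxy or packet capture; it only sees plaintext HTTP.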
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Monkey HTTP server to a version where these vulnerabilities are fixed once available. Until then, consider implementing network-level filtering to block HTTP requests with suspicious Range headers or malformed URLs as described. Additionally, monitoring and restricting incoming HTTP requests to prevent crafted requests that exploit the vulnerability can help reduce risk. No specific mitigation commands or patches are detailed in the resources. [1]