Kapil Shewate created CASSANDRA-21116:
-----------------------------------------
Summary: CVE-2025-55163 Reported by BlackDuck scan in Cassandra
5.0.4
Key: CASSANDRA-21116
URL: https://issues.apache.org/jira/browse/CASSANDRA-21116
Project: Apache Cassandra
Issue Type: Bug
Reporter: Kapil Shewate
CVE-2025-55163
Netty is an asynchronous, event-driven network application framework. Prior to
versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset
DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses
malformed HTTP/2 control frames in order to break the max concurrent streams
limit - which results in resource exhaustion and distributed denial of service.
This issue has been patched in versions 4.1.124.Final and 4.2.4.Final.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
