CVE-2025-30403

Source
https://cve.org/CVERecord?id=CVE-2025-30403
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30403.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-30403
Published
2025-07-11T19:15:23.327Z
Modified
2026-04-12T14:42:33.598238Z
Severity
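  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H (network attack vector, low attack complexity, no privileges required, user interaction required, scope unchanged; confidentiality impact high, integrity impact none, availability impact high)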
Summary
[none]
Details

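A heap buffer overflow is possible in mvfst via a specially crafted message during a QUIC session. This issue affects mvfst versions prior to v2025.07.07.00. Note that the "Fixed" event in the affected range below is empty on this record, so the range cannot be matched by commit from this entry alone; the affected-version list ends at v2025.06.30.00, which is consistent with the stated fix version. The vanir signatures under "Database specific" all reference commit 65b297332191de6e867c4a3139a233fc84c0e7e0 in github.com/facebook/mvfst, touching quic/common/BufUtil.h and QuicServerTransport::registerAllTransportKnobParamHandlers in quic/server/QuicServerTransport.cpp (plus their tests); this is presumably the fix commit, but the record does not say so explicitly, so confirm it against the upstream repository before using it to verify a patched build.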

References

Affected packages

Git / github.com/facebook/mvfst

Affected ranges

Type
GIT
Repo
https://github.com/facebook/mvfst
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v2023.*
v2023.07.24.00
v2023.08.07.00
v2023.08.14.00
v2023.08.28.00
v2023.09.04.00
v2023.09.11.00
v2023.09.18.00
v2023.09.25.00
v2023.10.02.00
v2023.10.09.00
v2023.10.16.00
v2023.10.23.00
v2023.10.30.00
v2023.11.06.00
v2023.11.13.00
v2023.11.20.00
v2023.11.27.00
v2023.12.04.00
v2023.12.11.00
v2023.12.18.00
v2023.12.25.00
v2024.*
v2024.01.01.00
v2024.01.08.00
v2024.01.15.00
v2024.01.22.00
v2024.01.29.00
v2024.02.05.00
v2024.02.12.00
v2024.02.19.00
v2024.02.26.00
v2024.03.04.00
v2024.03.11.00
v2024.03.18.00
v2024.03.25.00
v2024.04.01.00
v2024.04.08.00
v2024.04.15.00
v2024.04.22.00
v2024.04.29.00
v2024.05.02.00
v2024.05.06.00
v2024.05.13.00
v2024.05.20.00
v2024.05.27.00
v2024.06.03.00
v2024.06.10.00
v2024.06.17.00
v2024.06.24.00
v2024.07.01.00
v2024.07.08.00
v2024.07.15.00
v2024.07.22.00
v2024.07.29.00
v2024.08.05.00
v2024.08.12.00
v2024.08.19.00
v2024.08.26.00
v2024.09.02.00
v2024.09.09.00
v2024.09.16.00
v2024.09.23.00
v2024.09.30.00
v2024.10.07.00
v2024.10.14.00
v2024.10.21.00
v2024.10.28.00
v2024.11.04.00
v2024.11.11.00
v2024.11.18.00
v2024.11.25.00
v2024.12.02.00
v2024.12.09.00
v2024.12.16.00
v2024.12.23.00
v2024.12.30.00
v2025.*
v2025.01.06.00
v2025.01.13.00
v2025.01.20.00
v2025.01.27.00
v2025.02.03.00
v2025.02.10.00
v2025.02.17.00
v2025.02.24.00
v2025.03.03.00
v2025.03.10.00
v2025.03.17.00
v2025.03.24.00
v2025.03.31.00
v2025.04.07.00
v2025.04.14.00
v2025.04.21.00
v2025.04.28.00
v2025.05.05.00
v2025.05.12.00
v2025.05.19.00
v2025.05.26.00
v2025.06.02.00
v2025.06.09.00
v2025.06.16.00
v2025.06.23.00
v2025.06.30.00

Database specific

vanir_signatures
[
    {
        "signature_type": "Line",
        "source": "https://github.com/facebook/mvfst/commit/65b297332191de6e867c4a3139a233fc84c0e7e0",
        "signature_version": "v1",
        "target": {
            "file": "quic/server/test/QuicServerTransportTest.cpp"
        },
        "id": "CVE-2025-30403-b96d41c6",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "109635496399465194200365249824753989248",
                "268241433506113120131676170924760634205",
                "210433768695664219401397956953288459121",
                "241238244522086551514124920129695241379",
                "94261832321462151248039445531238162804",
                "6513156253446097844455784851518529280",
                "215852990144267569037920970715087428413",
                "296481722082696841595871374931381935909",
                "218001601192870813037414502163739957469",
                "223587628361970460774825732875919793282",
                "4898243644475824479626002985620819604",
                "88171764556776383983025629606954914206"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Function",
        "source": "https://github.com/facebook/mvfst/commit/65b297332191de6e867c4a3139a233fc84c0e7e0",
        "signature_version": "v1",
        "target": {
            "file": "quic/server/QuicServerTransport.cpp",
            "function": "QuicServerTransport::registerAllTransportKnobParamHandlers"
        },
        "id": "CVE-2025-30403-c273afb7",
        "deprecated": false,
        "digest": {
            "function_hash": "208723450299243019982314994445398926972",
            "length": 22053.0
        }
    },
    {
        "signature_type": "Function",
        "source": "https://github.com/facebook/mvfst/commit/65b297332191de6e867c4a3139a233fc84c0e7e0",
        "signature_version": "v1",
        "target": {
            "file": "quic/server/test/QuicServerTransportTest.cpp",
            "function": "TEST_F"
        },
        "id": "CVE-2025-30403-cab423e0",
        "deprecated": false,
        "digest": {
            "function_hash": "131352266776178433337981149495555933547",
            "length": 1174.0
        }
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/facebook/mvfst/commit/65b297332191de6e867c4a3139a233fc84c0e7e0",
        "signature_version": "v1",
        "target": {
            "file": "quic/common/BufUtil.h"
        },
        "id": "CVE-2025-30403-d6a6fed0",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "112413491556449806323921950655555871787",
                "323003975541744755148479121280525306468",
                "282787821402900262813170755968408752509",
                "93631063314172836112038762810507550986",
                "250827278477683185329084737067662343158"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/facebook/mvfst/commit/65b297332191de6e867c4a3139a233fc84c0e7e0",
        "signature_version": "v1",
        "target": {
            "file": "quic/common/test/BufUtilTest.cpp"
        },
        "id": "CVE-2025-30403-d8e3ec75",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "25318259841628669304498105988064049258",
                "54343792301131539265578558428474522963",
                "135238316927150974846704469556209322648",
                "104483566425259149333323491647665949693",
                "302474871860117260875644444111670109765",
                "88511704264196397464906093098424352689",
                "284566009702899207254084659850051958906",
                "296320280866619474700431786733373419585"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/facebook/mvfst/commit/65b297332191de6e867c4a3139a233fc84c0e7e0",
        "signature_version": "v1",
        "target": {
            "file": "quic/server/QuicServerTransport.cpp"
        },
        "id": "CVE-2025-30403-e09dc165",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "62004651989832169906048942366993483805",
                "285551130117691970366812518589171239233",
                "26504857526276584604788099026189146014",
                "53159096773085882321926762415562697007",
                "87683309468235957172019986777384480191"
            ],
            "threshold": 0.9
        }
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30403.json"
vanir_signatures_modified
"2026-04-12T14:42:33Z"