CVE-2025-43915

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-43915
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43915.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-43915
Aliases
Downstream
Related
Published
2025-05-05T17:18:49.603Z
Modified
2026-04-10T05:26:43.586705Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H CVSS Calculator
Summary
[none]
Details

In Linkerd edge releases before edge-25.2.1, and Buoyant Enterprise for Linkerd releases 2.13.0–2.13.7, 2.14.0–2.14.10, 2.15.0–2.15.7, 2.16.0–2.16.4, and 2.17.0–2.17.1, resource exhaustion can occur for Linkerd proxy metrics.

References

Affected packages

Git / github.com/linkerd/linkerd2

Affected ranges

Type
GIT
Repo
https://github.com/linkerd/linkerd2
Events
Introduced
775dc9fbd9d9e1eb043f0ca613a66cdba8e316de
Last affected
526633fdeea30fd1c51c9ee5ef8ec889949cef87
Introduced
a4bec904cc19d30441fb4ab591cff0a1edc66c20
Last affected
1ea6b271718f90182bdf747490895784988e980e
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
faa3f617eef5b53c86829cb88687bbfa8cc1d3ed
Database specific 
{
    "versions": [
        {
            "introduced": "2.13.0"
        },
        {
            "last_affected": "2.13.7"
        },
        {
            "introduced": "2.14.0"
        },
        {
            "last_affected": "2.14.10"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "25.2.1"
        }
    ]
}

Affected versions

edge-23.*
edge-23.10.1
edge-23.10.2
edge-23.10.3
edge-23.10.4
edge-23.11.1
edge-23.11.2
edge-23.11.3
edge-23.11.4
edge-23.12.1
edge-23.12.2
edge-23.12.3
edge-23.12.4
edge-23.9.1
edge-23.9.2
edge-23.9.3
edge-23.9.4
edge-24.*
edge-24.1.1
edge-24.1.2
edge-24.1.3
edge-24.10.1
edge-24.10.2
edge-24.10.3
edge-24.10.4
edge-24.10.5
edge-24.11.1
edge-24.11.2
edge-24.11.3
edge-24.11.4
edge-24.11.5
edge-24.11.6
edge-24.11.7
edge-24.11.8
edge-24.2.1
edge-24.2.2
edge-24.2.3
edge-24.2.4
edge-24.2.5
edge-24.3.1
edge-24.3.2
edge-24.3.3
edge-24.3.4
edge-24.3.5
edge-24.4.1
edge-24.4.2
edge-24.4.3
edge-24.4.4
edge-24.4.5
edge-24.5.1
edge-24.5.2
edge-24.5.3
edge-24.5.4
edge-24.5.5
edge-24.6.1
edge-24.6.2
edge-24.6.3
edge-24.6.4
edge-24.7.1
edge-24.7.2
edge-24.7.3
edge-24.7.4
edge-24.7.5
edge-24.8.1
edge-24.8.2
edge-24.8.3
edge-24.9.1
edge-24.9.2
edge-24.9.3
edge-25.*
edge-25.1.1
edge-25.1.2
stable-2.*
stable-2.13.0
stable-2.13.1
stable-2.13.3
stable-2.13.4
stable-2.13.5
stable-2.13.6
stable-2.13.7
stable-2.14.0
stable-2.14.1
stable-2.14.10
stable-2.14.2
stable-2.14.3
stable-2.14.4
stable-2.14.5
stable-2.14.6
stable-2.14.7
stable-2.14.8
stable-2.14.9
version-2.*
version-2.15
version-2.16
version-2.17

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43915.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "2.15.0"
            },
            {
                "last_affected": "2.15.7"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "2.16.0"
            },
            {
                "fixed": "2.16.5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "2.17.0"
            },
            {
                "fixed": "2.17.2"
            }
        ]
    }
]