CVE-2025-4820

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-4820
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4820.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-4820
Aliases
  • GHSA-2v9p-3p3h-w56j
Published
2025-06-18T16:15:28.403Z
Modified
2026-04-10T05:28:11.403900Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

Impact

Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support.

An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating a congestion-controlled data transfer towards itself. Then, it could manipulate the victim's congestion control state by sending ACK frames exercising an opportunistic ACK attack; see RFC 9000 Section 21.4. The victim could grow the congestion window beyond typical expectations and allow more bytes in flight than the path might really support.

Patches

quiche 0.24.4 is the earliest version containing the fix for this issue.

References

Affected packages

Git / github.com/cloudflare/quiche

Affected ranges

Type
GIT
Repo
https://github.com/cloudflare/quiche
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
70d6d3e233568e906e66179a56c93cf9b0616899
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.24.4"
        }
    ]
}

Affected versions

0.*
0.1.0
0.1.0-alpha1
0.1.0-alpha2
0.1.0-alpha3
0.1.0-alpha4
0.10.0
0.11.0
0.12.0
0.13.0
0.14.0
0.15.0
0.16.0
0.17.1
0.17.2
0.18.0
0.19.0
0.2.0
0.20.0
0.21.0
0.22.0
0.23.0
0.23.1
0.23.2
0.23.3
0.23.4
0.23.5
0.23.6
0.23.7
0.24.0
0.24.1
0.24.2
0.24.3
0.3.0
0.4.0
0.5.0
0.5.1
0.6.0
0.7.0
0.8.0
0.8.1
0.9.0
buffer-pool-0.*
buffer-pool-0.1.0
datagram-socket-0.*
datagram-socket-0.1.0
datagram-socket-0.1.1
datagram-socket-0.2.0
datagram-socket-0.3.0
h3i-0.*
h3i-0.2.0
h3i-0.3.0
h3i-0.4.0
octets-0.*
octets-0.2.0
octets-0.3.0
qlog-0.*
qlog-0.10.0
qlog-0.11.0
qlog-0.12.0
qlog-0.13.0
qlog-0.14.0
qlog-0.15.0
qlog-0.15.1
qlog-0.15.2
qlog-0.2.0
qlog-0.3.0
qlog-0.4.0
qlog-0.5.0
qlog-0.6.0
qlog-0.7.0
qlog-0.8.0
qlog-0.9.0
task-killswitch-0.*
task-killswitch-0.1.0
tokio-quiche-0.*
tokio-quiche-0.1.0
tokio-quiche-0.2.0
tokio-quiche-0.2.1
tokio-quiche-0.2.2
tokio-quiche-0.3.0
tokio-quiche-0.3.1
tokio-quiche-0.3.2
tokio-quiche-0.4.0
tokio-quiche-0.4.1
tokio-quiche-0.4.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4820.json"