CVE-2025-4821

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-4821
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4821.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-4821
Aliases
  • GHSA-6m38-4r9r-5c4m
Published
2025-06-18T16:15:28.527Z
Modified
2026-04-10T05:28:11.637178Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Impact

Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support.

An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating a congestion-controlled data transfer towards itself. Then, it could manipulate the victim's congestion control state by sending ACK frames covering a large range of packet numbers (including packet numbers that had never been sent); see RFC 9000 Section 19.3. The victim could grow the congestion window beyond typical expectations and allow more bytes in flight than the path might really support. In extreme cases, the window might grow beyond the limit of the internal variable's type, leading to an overflow panic.

Patches

quiche 0.24.4 is the earliest version containing the fix for this issue.

References

Affected packages

Git / github.com/cloudflare/quiche

Affected ranges

Type
GIT
Repo
https://github.com/cloudflare/quiche
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
70d6d3e233568e906e66179a56c93cf9b0616899
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.24.4"
        }
    ]
}

Affected versions

0.*
0.1.0
0.1.0-alpha1
0.1.0-alpha2
0.1.0-alpha3
0.1.0-alpha4
0.10.0
0.11.0
0.12.0
0.13.0
0.14.0
0.15.0
0.16.0
0.17.1
0.17.2
0.18.0
0.19.0
0.2.0
0.20.0
0.21.0
0.22.0
0.23.0
0.23.1
0.23.2
0.23.3
0.23.4
0.23.5
0.23.6
0.23.7
0.24.0
0.24.1
0.24.2
0.24.3
0.3.0
0.4.0
0.5.0
0.5.1
0.6.0
0.7.0
0.8.0
0.8.1
0.9.0
buffer-pool-0.*
buffer-pool-0.1.0
datagram-socket-0.*
datagram-socket-0.1.0
datagram-socket-0.1.1
datagram-socket-0.2.0
datagram-socket-0.3.0
h3i-0.*
h3i-0.2.0
h3i-0.3.0
h3i-0.4.0
octets-0.*
octets-0.2.0
octets-0.3.0
qlog-0.*
qlog-0.10.0
qlog-0.11.0
qlog-0.12.0
qlog-0.13.0
qlog-0.14.0
qlog-0.15.0
qlog-0.15.1
qlog-0.15.2
qlog-0.2.0
qlog-0.3.0
qlog-0.4.0
qlog-0.5.0
qlog-0.6.0
qlog-0.7.0
qlog-0.8.0
qlog-0.9.0
task-killswitch-0.*
task-killswitch-0.1.0
tokio-quiche-0.*
tokio-quiche-0.1.0
tokio-quiche-0.2.0
tokio-quiche-0.2.1
tokio-quiche-0.2.2
tokio-quiche-0.3.0
tokio-quiche-0.3.1
tokio-quiche-0.3.2
tokio-quiche-0.4.0
tokio-quiche-0.4.1
tokio-quiche-0.4.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4821.json"