UBUNTU-CVE-2025-8671

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-8671

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-8671.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-8671

Upstream

CVE-2025-8671

Published

2025-08-15T00:00:00Z

Modified

2025-08-22T17:01:17Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and then rapidly triggering the server to reset them—using malformed frames or flow control errors—an attacker can exploit incorrect stream accounting. Streams reset by the server are considered closed at the protocol level, even though backend processing continues. This allows a client to cause the server to handle an unbounded number of concurrent streams on a single connection. This CVE will be updated as affected product details are released.

References

Affected packages

Ubuntu:Pro:14.04:LTS / lighttpd

Package

Name: lighttpd
Purl: pkg:deb/ubuntu/lighttpd@1.4.33-1+nmu2ubuntu2.1+esm1?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.31-3ubuntu3

1.4.33-1ubuntu1

1.4.33-1+nmu2ubuntu1

1.4.33-1+nmu2ubuntu2

1.4.33-1+nmu2ubuntu2.1

1.4.33-1+nmu2ubuntu2.1+esm1

Ubuntu:Pro:14.04:LTS / varnish

Package

Name: varnish
Purl: pkg:deb/ubuntu/varnish@3.0.5-2ubuntu0.1?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.4-1ubuntu1

3.0.4-1ubuntu2

3.0.5-1ubuntu2

3.0.5-2

3.0.5-2ubuntu0.1

Ubuntu:Pro:16.04:LTS / lighttpd

Package

Name: lighttpd
Purl: pkg:deb/ubuntu/lighttpd@1.4.35-4ubuntu2.1+esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.35-4ubuntu1

1.4.35-4ubuntu2

1.4.35-4ubuntu2.1

1.4.35-4ubuntu2.1+esm1

Ubuntu:Pro:16.04:LTS / varnish

Package

Name: varnish
Purl: pkg:deb/ubuntu/varnish@4.1.1-1ubuntu0.2+esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.0.3-1

4.1.0-1

4.1.0-2

4.1.1-1

4.1.1-1ubuntu0.2

4.1.1-1ubuntu0.2+esm1

Ubuntu:Pro:18.04:LTS / h2o

Package

Name: h2o
Purl: pkg:deb/ubuntu/h2o@2.2.4+dfsg-1ubuntu0.1~esm2?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.3+dfsg-2

2.2.4+dfsg-1

2.2.4+dfsg-1build1

2.2.4+dfsg-1ubuntu0.1~esm2

Ubuntu:Pro:18.04:LTS / lighttpd

Package

Name: lighttpd
Purl: pkg:deb/ubuntu/lighttpd@1.4.45-1ubuntu3.18.04.1+esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.45-1ubuntu1

1.4.45-1ubuntu3

1.4.45-1ubuntu3+esm1

1.4.45-1ubuntu3.18.04

1.4.45-1ubuntu3.18.04+esm1

1.4.45-1ubuntu3.18.04.1

1.4.45-1ubuntu3.18.04.1+esm1

Ubuntu:Pro:18.04:LTS / varnish

Package

Name: varnish
Purl: pkg:deb/ubuntu/varnish@5.2.1-1ubuntu0.1+esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.0.0-7.1

5.2.1-1

5.2.1-1ubuntu0.1

5.2.1-1ubuntu0.1+esm1

Ubuntu:Pro:20.04:LTS / h2o

Package

Name: h2o
Purl: pkg:deb/ubuntu/h2o@2.2.5+dfsg2-3build1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.5+dfsg2-3

2.2.5+dfsg2-3build1

Ubuntu:Pro:20.04:LTS / lighttpd

Package

Name: lighttpd
Purl: pkg:deb/ubuntu/lighttpd@1.4.55-1ubuntu1.20.04.2?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.53-4ubuntu2

1.4.54-2ubuntu1

1.4.55-1ubuntu1

1.4.55-1ubuntu1.20.04.1

1.4.55-1ubuntu1.20.04.2

Ubuntu:Pro:20.04:LTS / varnish

Package

Name: varnish
Purl: pkg:deb/ubuntu/varnish@6.2.1-2ubuntu0.2+esm1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.1.1-1

6.2.1-2

6.2.1-2ubuntu0.1~esm1

6.2.1-2ubuntu0.1~esm2

6.2.1-2ubuntu0.1

6.2.1-2ubuntu0.2

6.2.1-2ubuntu0.2+esm1

Ubuntu:22.04:LTS / h2o

Package

Name: h2o
Purl: pkg:deb/ubuntu/h2o@2.2.5+dfsg2-6.1ubuntu2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.5+dfsg2-6

2.2.5+dfsg2-6.1

2.2.5+dfsg2-6.1ubuntu1

2.2.5+dfsg2-6.1ubuntu2

Ubuntu:22.04:LTS / lighttpd

Package

Name: lighttpd
Purl: pkg:deb/ubuntu/lighttpd@1.4.63-1ubuntu3.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.59-1ubuntu2

1.4.59-1ubuntu3

1.4.63-1ubuntu1

1.4.63-1ubuntu2

1.4.63-1ubuntu3

1.4.63-1ubuntu3.1

Ubuntu:22.04:LTS / varnish

Package

Name: varnish
Purl: pkg:deb/ubuntu/varnish@6.6.1-1ubuntu0.2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.5.2-1

6.6.1-1

6.6.1-1ubuntu0.2

Ubuntu:24.04:LTS / h2o

Package

Name: h2o
Purl: pkg:deb/ubuntu/h2o@2.2.5+dfsg2-8.1ubuntu3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.5+dfsg2-7

2.2.5+dfsg2-8

2.2.5+dfsg2-8.1ubuntu1

2.2.5+dfsg2-8.1ubuntu2

2.2.5+dfsg2-8.1ubuntu3

Ubuntu:24.04:LTS / lighttpd

Package

Name: lighttpd
Purl: pkg:deb/ubuntu/lighttpd@1.4.74-1ubuntu3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.69-1ubuntu1

1.4.69-1ubuntu2

1.4.73-1ubuntu1

1.4.73-1ubuntu2

1.4.74-1ubuntu2

1.4.74-1ubuntu3

Ubuntu:24.04:LTS / varnish

Package

Name: varnish
Purl: pkg:deb/ubuntu/varnish@7.1.1-1.1ubuntu1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.1.1-1.1ubuntu1

Ubuntu:25.04 / h2o

Package

Name: h2o
Purl: pkg:deb/ubuntu/h2o@2.2.5+dfsg2-11?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.5+dfsg2-8.1ubuntu3

2.2.5+dfsg2-11~build

2.2.5+dfsg2-11

Ubuntu:25.04 / lighttpd

Package

Name: lighttpd
Purl: pkg:deb/ubuntu/lighttpd@1.4.79-1ubuntu1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.76-1ubuntu1

1.4.76-1ubuntu2

1.4.76-1ubuntu3

1.4.77-1ubuntu1

1.4.79-1ubuntu1

Ubuntu:25.04 / varnish

Package

Name: varnish
Purl: pkg:deb/ubuntu/varnish@7.7.0-1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.5.0-3

7.7.0-1