-
Vulnerability
-
Resolution: Done-Errata
-
Major
-
RHDG 8.5.0 GA
-
False
-
-
False
-
-
-
-
-
CVEORG
-
CVE-2025-55163
-
7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
-
CWE-770
-
netty-codec-http2
-
netty; netty-codec-http2
-
Minor Incident
-
False
-
Important
Security Tracking Issue
Do not make this issue public.
Flaw:
Netty MadeYouReset HTTP/2 DDoS Vulnerability
Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service. This issue has been patched in versions 4.1.124.Final and 4.2.4.Final.
~~~
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Tracker accuracy feedback form: https://docs.google.com/forms/d/e/1FAIpQLSfa6zTaEGohRdiIqGVAvWTSAL0kpO_DkkEICuIHzQHFwmKswg/viewform
- links to
-
RHSA-2025:154036 Red Hat Data Grid 8.5.5 security update