Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

N/A

Source -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
0Vulnerabilities found
CVE-2025-8671
Assigner-CERT/CC
ShareView Details
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.58%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 12:03
Updated-17 Aug, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2025-8671

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and then rapidly triggering the server to reset them—using malformed frames or flow control errors—an attacker can exploit incorrect stream accounting. Streams reset by the server are considered closed at the protocol level, even though backend processing continues. This allows a client to cause the server to handle an unbounded number of concurrent streams on a single connection. This CVE will be updated as affected product details are released.

Action-Not Available
Vendor-FastlyWind RiverVarnish SoftwareSUSE
Product-SUSE Manager ServerVarnish CacheEnterprise Module for Dev ToolsSUSE Manager Retail Branch ServerEnterprise Module for Development ToolsopenSUSE LeapLinuxSUSE Manager Server LTSEnterprise Server for SAP ApplicationsH20SUSE Manager ProxyEnterprise High Performance Computing (HPC)Enterprise Module for Package HubEnterprise ServerVarnish EnterpriseEnterprise High Performance ComputingEnterprise Desktop
CWE ID-CWE-404
Improper Resource Shutdown or Release