CVE-2025-49176

A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:9303
https://access.redhat.com/errata/RHSA-2025:9304
https://access.redhat.com/errata/RHSA-2025:9305
https://access.redhat.com/errata/RHSA-2025:9306
https://access.redhat.com/errata/RHSA-2025:9392
https://access.redhat.com/errata/RHSA-2025:9964
https://access.redhat.com/security/cve/CVE-2025-49176
https://bugzilla.redhat.com/show_bug.cgi?id=2369954
http://www.openwall.com/lists/oss-security/2025/06/18/2

Configurations

No configuration.

History

30 Jun 2025, 20:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:9964 -

30 Jun 2025, 09:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~6.6~~	v2 : unknown v3 : 7.3

23 Jun 2025, 19:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:9303 - () https://access.redhat.com/errata/RHSA-2025:9304 - () https://access.redhat.com/errata/RHSA-2025:9305 - () https://access.redhat.com/errata/RHSA-2025:9306 - () https://access.redhat.com/errata/RHSA-2025:9392 -

23 Jun 2025, 07:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:9303 - () https://access.redhat.com/errata/RHSA-2025:9304 - () https://access.redhat.com/errata/RHSA-2025:9305 - () https://access.redhat.com/errata/RHSA-2025:9306 -

18 Jun 2025, 18:15

Type	Values Removed	Values Added
Summary		(es) Se detectó una falla en la extensión Big Requests. La longitud de la solicitud se multiplica por 4 antes de compararla con el tamaño máximo permitido, lo que podría causar un desbordamiento de enteros y omitir la comprobación de tamaño.
References		() http://www.openwall.com/lists/oss-security/2025/06/18/2 -
References	~~{'url': 'https://access.redhat.com/errata/RHSA-2025:9303', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2025:9304', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2025:9305', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2025:9306', 'source': 'secalert@redhat.com'}~~

17 Jun 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-17 15:15

Updated : 2025-06-30 20:15

NVD link : CVE-2025-49176

Mitre link : CVE-2025-49176

CVE.ORG link : CVE-2025-49176

JSON object : View

Products Affected

No product.

CWE

CWE-190

Integer Overflow or Wraparound

7.3 /10