CVE-2025-49179

A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:9303
https://access.redhat.com/errata/RHSA-2025:9304
https://access.redhat.com/errata/RHSA-2025:9305
https://access.redhat.com/errata/RHSA-2025:9306
https://access.redhat.com/errata/RHSA-2025:9392
https://access.redhat.com/errata/RHSA-2025:9964
https://access.redhat.com/security/cve/CVE-2025-49179
https://bugzilla.redhat.com/show_bug.cgi?id=2369978

Configurations

No configuration.

History

30 Jun 2025, 20:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:9964 -

30 Jun 2025, 09:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~6.6~~	v2 : unknown v3 : 7.3

23 Jun 2025, 19:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:9303 - () https://access.redhat.com/errata/RHSA-2025:9304 - () https://access.redhat.com/errata/RHSA-2025:9305 - () https://access.redhat.com/errata/RHSA-2025:9306 - () https://access.redhat.com/errata/RHSA-2025:9392 -

23 Jun 2025, 07:15

Type	Values Removed	Values Added
Summary		(es) Se encontró una falla en la extensión X Record. La función RecordSanityCheckRegisterClients no verifica si hay un desbordamiento de enteros al calcular la longitud de la solicitud, lo que permite que un cliente omita las verificaciones de longitud.
References		() https://access.redhat.com/errata/RHSA-2025:9303 - () https://access.redhat.com/errata/RHSA-2025:9304 - () https://access.redhat.com/errata/RHSA-2025:9305 - () https://access.redhat.com/errata/RHSA-2025:9306 -
References		() https://access.redhat.com/errata/RHSA-2025:9303 - () https://access.redhat.com/errata/RHSA-2025:9304 - () https://access.redhat.com/errata/RHSA-2025:9305 - () https://access.redhat.com/errata/RHSA-2025:9306 -
References		() https://access.redhat.com/errata/RHSA-2025:9303 - () https://access.redhat.com/errata/RHSA-2025:9304 - () https://access.redhat.com/errata/RHSA-2025:9305 - () https://access.redhat.com/errata/RHSA-2025:9306 -

17 Jun 2025, 20:50

Type	Values Removed	Values Added
References	~~{'url': 'https://access.redhat.com/errata/RHSA-2025:9303', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2025:9304', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2025:9305', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2025:9306', 'source': 'secalert@redhat.com'}~~
References	~~{'url': 'https://access.redhat.com/errata/RHSA-2025:9303', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2025:9304', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2025:9305', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2025:9306', 'source': 'secalert@redhat.com'}~~
References	~~{'url': 'https://access.redhat.com/errata/RHSA-2025:9303', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2025:9304', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2025:9305', 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2025:9306', 'source': 'secalert@redhat.com'}~~

17 Jun 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-17 15:15

Updated : 2025-06-30 20:15

NVD link : CVE-2025-49179

Mitre link : CVE-2025-49179

CVE.ORG link : CVE-2025-49179

JSON object : View

Products Affected

No product.

CWE

CWE-190

Integer Overflow or Wraparound

7.3 /10