PT-2025-21343 · Undici+2
Styfle · Published 2025-05-15 · Updated 2026-03-19 · CVE-2025-47279
CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions:
Undici versions prior to 5.29.0
Undici versions prior to 6.21.2
Undici versions prior to 7.5.0
Description:
The issue affects applications that use Undici to implement a webhook-like system. If an attacker sets up a server with an invalid certificate and forces the application to call the webhook repeatedly, it can cause a memory leak.
Recommendations:
For versions prior to 5.29.0, update to version 5.29.0 or later.
For versions prior to 6.21.2, update to version 6.21.2 or later.
For versions prior to 7.5.0, update to version 7.5.0 or later.
As a temporary workaround, avoid calling a webhook repeatedly if the webhook fails.
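One way to implement the temporary workaround, as an added example that is not part of the advisory or of Undici's own code: a per-origin circuit breaker that suspends webhook deliveries after repeated failures. `WebhookBreaker`, `deliver`, `maxFailures` and `cooldownMs` are hypothetical names, and the example assumes Node.js 18 or later, where the global `fetch` is implemented by Undici.

```javascript
// Added example: per-origin circuit breaker for outbound webhook calls.
// All names and thresholds here are hypothetical, not taken from Undici.
class WebhookBreaker {
  constructor({ maxFailures = 3, cooldownMs = 60_000 } = {}) {
    this.maxFailures = maxFailures;
    this.cooldownMs = cooldownMs;
    this.state = new Map(); // origin -> { failures, openUntil }
  }
  // Track by origin so one host cannot dodge the breaker by varying the path.
  static key(url) { return new URL(url).origin; }
  // True if a call to this origin is currently allowed.
  allow(url, now = Date.now()) {
    const s = this.state.get(WebhookBreaker.key(url));
    return !s || now >= s.openUntil;
  }
  // Record the outcome of one delivery attempt.
  record(url, ok, now = Date.now()) {
    const key = WebhookBreaker.key(url);
    if (ok) { this.state.delete(key); return; } // success resets the counter
    const s = this.state.get(key) || { failures: 0, openUntil: 0 };
    s.failures += 1;
    if (s.failures >= this.maxFailures) {
      // Cooldown doubles with each further failure, capped at 64x.
      const exp = Math.min(s.failures - this.maxFailures, 6);
      s.openUntil = now + this.cooldownMs * 2 ** exp;
    }
    this.state.set(key, s);
  }
  // Call when a webhook is unregistered so the state map stays bounded.
  forget(url) { this.state.delete(WebhookBreaker.key(url)); }
}

// Deliver one event. A TLS or certificate error surfaces as a rejected
// fetch() and counts as a failure like any other.
async function deliver(breaker, url, payload, send = fetch) {
  if (!breaker.allow(url)) return { sent: false, reason: 'suspended' };
  try {
    const res = await send(url, {
      method: 'POST',
      headers: { 'content-type': 'application/json' },
      body: JSON.stringify(payload),
    });
    breaker.record(url, res.ok);
    return { sent: true, ok: res.ok };
  } catch (err) {
    breaker.record(url, false);
    return { sent: true, ok: false, error: String(err.cause?.code || err.message) };
  }
}
```

The breaker limits how often a failing endpoint is contacted; it does not replace upgrading to a fixed Undici version.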
Memory Leak
Affected Products:
Debian
Red Os
Undici