PT-2025-25661 · Unknown +11 · Big Requests Extension +11

Julian Suleder +1 · Published 2025-03-27 · Updated 2026-05-03 · CVE-2025-49176

CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Big Requests extension (affected versions not specified)

Description

A flaw was found in the Big Requests extension, where the request length is multiplied by 4 before checking against the maximum allowed size. This can potentially cause an integer overflow, allowing an attacker to bypass the size check.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
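
The check ordering described above, shown next to a corrected ordering. This is an added example, not code from the affected software: the function names and the limit value are assumptions, and unsigned 32-bit arithmetic is used so that the wrap-around is well-defined in C.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical limit, expressed in 4-byte units like the length field. */
#define MAX_REQUEST_UNITS 4194303u

/* Flawed order: convert the length to bytes first, then compare.
 * The multiplication is done in 32 bits, so it wraps modulo 2^32 and a
 * huge length can come out as a small byte count that passes the check. */
bool size_ok_flawed(uint32_t units)
{
    uint32_t bytes = units * 4u;                 /* may wrap */
    return bytes <= MAX_REQUEST_UNITS * 4u;
}

/* Corrected order: compare in the field's own units, convert afterwards.
 * Once units <= MAX_REQUEST_UNITS holds, the product cannot wrap. */
bool size_ok_checked(uint32_t units, uint64_t *bytes_out)
{
    if (units > MAX_REQUEST_UNITS)
        return false;
    *bytes_out = (uint64_t)units * 4u;
    return true;
}

int main(void)
{
    /* Constructed sample lengths: small, at the limit, just over, wrapping. */
    const uint32_t samples[] = { 16u, MAX_REQUEST_UNITS,
                                 MAX_REQUEST_UNITS + 1u, 0x40000001u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t bytes = 0;
        bool flawed = size_ok_flawed(samples[i]);
        bool checked = size_ok_checked(samples[i], &bytes);
        printf("units=%#010x flawed=%s checked=%s\n", (unsigned)samples[i],
               flawed ? "accept" : "reject", checked ? "accept" : "reject");
    }
    return 0;
}
```

The two functions disagree only on lengths whose byte count exceeds 32 bits, which is the case the description refers to.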

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2025:9303
ALSA-2025:9304
ALSA-2025:9305
ALSA-2025:9306
ALSA-2025:9392
ALT-PU-2025-8331
ALT-PU-2025-8333
AZL-64196
AZL-64232
BDU:2025-11903
CESA-2025_9305
CESA-2025_9392
CVE-2025-49176
DLA-4230-1
DSA-5947-1
INFSA-2025_9303
INFSA-2025_9305
INFSA-2025_9306
INFSA-2025_9392
MGASA-2025-0199
OESA-2026-2141
OESA-2026-2142
OESA-2026-2143
OPENSUSE-SU-2025:15310-1
OPENSUSE-SU-2025:15311-1
RHSA-2025:10258
RHSA-2025:10342
RHSA-2025:10343
RHSA-2025:10344
RHSA-2025:10346
RHSA-2025:10347
RHSA-2025:10348
RHSA-2025:10349
RHSA-2025:10350
RHSA-2025:10351
RHSA-2025:10352
RHSA-2025:10355
RHSA-2025:10356
RHSA-2025:10360
RHSA-2025:10370
RHSA-2025:10374
RHSA-2025:10375
RHSA-2025:10376
RHSA-2025:10377
RHSA-2025:10378
RHSA-2025:10381
RHSA-2025:10410
RHSA-2025:9303
RHSA-2025:9304
RHSA-2025:9305
RHSA-2025:9306
RHSA-2025:9392
RHSA-2025:9964
RHSA-2025_9303
RHSA-2025_9305
RHSA-2025_9306
RHSA-2025_9392
SUSE-SU-2025:01974-1
SUSE-SU-2025:01975-1
SUSE-SU-2025:01977-1
SUSE-SU-2025:01978-1
SUSE-SU-2025:01979-1
SUSE-SU-2025:01980-1
SUSE-SU-2025:01981-1
SUSE-SU-2025:02012-1
SUSE-SU-2025:02187-1
SUSE-SU-2025:02191-1
SUSE-SU-2025:02192-1
SUSE-SU-2025:02206-1
SUSE-SU-2025:02207-1
SUSE-SU-2025:02208-1
SUSE-SU-2025:02224-1
SUSE-SU-2025:02225-1
SUSE-SU-2025_01977-1
SUSE-SU-2025_01978-1
SUSE-SU-2025_01979-1
SUSE-SU-2025_01980-1
SUSE-SU-2025_01981-1
SUSE-SU-2025_02012-1
SUSE-SU-2025_02192-1
SUSE-SU-2025_02206-1
SUSE-SU-2025_02207-1
SUSE-SU-2025_02208-1
SUSE-SU-2025_02224-1
SUSE-SU-2025_02225-1
USN-7573-1
USN-7573-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
Big Requests Extension
CentOS
Debian
IBM AIX
Linux Mint
Red Hat
Rocky Linux
SUSE
Ubuntu