PT-2025-38259 · Dragonfly · Dragonfly

Gaius-Qi · Published 2025-09-17 · Updated 2025-10-27 · CVE-2025-59348

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Dragonfly versions prior to 2.1.0

Description

The processPieceFromSource method in Dragonfly does not correctly update the usedTraffic field within the Task structure due to the use of an uninitialized variable (n) instead of result.Size when calling the AddTraffic method. This incorrect rate limiting can lead to a denial-of-service condition for the peer processing the task.

Recommendations

Upgrade to Dragonfly version 2.1.0 or later.
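
The accounting error described above, shown next to its corrected form in a simplified model. This is an added example, not Dragonfly's code: only the names usedTraffic, AddTraffic, n and result.Size come from the description, while the Task layout, the limit field, Allow, fetchPiece and piecesBeforeLimit are assumptions made for illustration.

```go
package main

import "fmt"

// Task is a simplified stand-in (assumption), not Dragonfly's real struct.
type Task struct {
	usedTraffic uint64 // bytes accounted so far
	limit       uint64 // hypothetical byte budget enforced by Allow
}

func (t *Task) AddTraffic(n uint64) { t.usedTraffic += n }
func (t *Task) Allow() bool         { return t.usedTraffic < t.limit }

// pieceResult carries the number of bytes actually downloaded.
type pieceResult struct{ Size int64 }

// fetchPiece is a constructed stand-in for downloading one piece from source.
func fetchPiece(size int64) pieceResult { return pieceResult{Size: size} }

// processVulnerable: n is declared but never assigned, so Go's zero value
// reaches AddTraffic and usedTraffic never grows.
func processVulnerable(t *Task, size int64) {
	var n int64
	result := fetchPiece(size)
	_ = result.Size // the real byte count is ignored
	t.AddTraffic(uint64(n))
}

// processFixed accounts the bytes that were transferred.
func processFixed(t *Task, size int64) {
	result := fetchPiece(size)
	t.AddTraffic(uint64(result.Size))
}

// piecesBeforeLimit processes pieces until the budget check stops the task
// or maxPieces is reached; it returns the piece count and accounted bytes.
func piecesBeforeLimit(process func(*Task, int64), limit uint64, size int64, maxPieces int) (int, uint64) {
	t := &Task{limit: limit}
	count := 0
	for count < maxPieces && t.Allow() {
		process(t, size)
		count++
	}
	return count, t.usedTraffic
}

func main() {
	fmt.Println(piecesBeforeLimit(processVulnerable, 10<<20, 4<<20, 1000)) // 1000 0
	fmt.Println(piecesBeforeLimit(processFixed, 10<<20, 4<<20, 1000))      // 3 12582912
}
```

With a 10 MiB budget and 4 MiB pieces, the corrected path stops after three pieces, while the zero-valued counter lets the loop run to its cap with usedTraffic still at 0. A unit test that asserts usedTraffic equals the sum of result.Size after processing catches this class of regression.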


Related Identifiers

CVE-2025-59348
GHSA-2QGR-GFVJ-QPCR
GO-2025-3963
OPENSUSE-SU-2025:15576-1
SUSE-SU-2025:3799-1

Affected Products

Dragonfly