Back to search
CVE-2025-5399
Published: Jun 7, 2025
Modified: Jun 9, 2025
PUBLISHED
Description
Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS libcurl-using application.
| Vendor | Product | Versions |
|---|---|---|
curl | curl | affected 8.14.0 - <= 8.14.0affected 8.13.0 - <= 8.13.0 |
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now