Description

Netty QUIC codec is a QUIC codec for netty which makes use of quiche. An issue was discovered in the codec. A hash collision vulnerability (in the hash map used to manage connections) allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs). This vulnerability is fixed in 0.0.71.Final.

INFO

Published Date :

2025-03-31T18:43:44.172Z

Last Modified :

2025-04-01T13:50:43.647Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-29908 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-29908.

URL Resource
https://github.com/ncc-pbottine/QUIC-Hash-Dos-Advisory cve-icon cve-icon
https://github.com/netty/netty-incubator-codec-quic/commit/e059bd9b78723f8b035e0c547e42ce263f03461c cve-icon cve-icon
https://github.com/netty/netty-incubator-codec-quic/security/advisories/GHSA-hqqc-jr88-p6x2 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact