Description

Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuicCoroSession which blocks the backing event loop and unconditionally appends data to a std::vector per-loop iteration. This issue leads to unbounded memory growth and eventually causes the process to run out of memory.

INFO

Published Date :

2025-12-02T22:13:31.101Z

Last Modified :

2025-12-03T00:33:57.022Z

Source :

Meta
AFFECTED PRODUCTS

The following products are affected by CVE-2025-55181 vulnerability.

Vendors Products
Facebook
  • Proxygen
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-55181.

URL Resource
https://github.com/facebook/proxygen/commit/17689399ef99b7c3d3a8b2b768b1dba1a4b72f8f cve-icon cve-icon
https://www.facebook.com/security/advisories/cve-2025-55181 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact