CURL-CVE-2025-5399

See a problem?
Please try reporting it to the source first.
Source
https://curl.se/docs/CVE-2025-5399.html
Import Source
https://curl.se/docs/CURL-CVE-2025-5399.json
JSON Data
https://api.test.osv.dev/v1/vulns/CURL-CVE-2025-5399
Aliases
Published
2025-06-04T08:00:00Z
Modified
2025-06-04T07:44:49Z
Summary
WebSocket endless loop
Details

Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop.

There is no other way for the application to escape or exit this loop other than killing the thread/process.

This might be used to DoS libcurl-using application.

Database specific 
{
    "URL": "https://curl.se/docs/CVE-2025-5399.json",
    "award": {
        "currency": "USD",
        "amount": "505"
    },
    "last_affected": "8.14.0",
    "affects": "lib",
    "issue": "https://hackerone.com/reports/3168039",
    "www": "https://curl.se/docs/CVE-2025-5399.html",
    "CWE": {
        "desc": "Loop with Unreachable Exit Condition ('Infinite Loop')",
        "id": "CWE-835"
    },
    "package": "curl",
    "severity": "Low"
}
References
Credits
    • z2_ on hackerone - FINDER
    • z2_ on hackerone - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type
SEMVER
Events
Introduced
8.13.0
Fixed
8.14.1
Type
GIT
Repo
https://github.com/curl/curl.git
Events
Introduced
3588df9478d7c27046b34cdb510728a26bedabc7
Fixed
d1145df24de8f80e6b167fbc4f28b86bcd0c6832

Affected versions

8.*

8.13.0
8.14.0

Database specific 

{
    "vanir_signatures": [
        {
            "source": "https://github.com/curl/curl.git/commit/d1145df24de8f80e6b167fbc4f28b86bcd0c6832",
            "signature_version": "v1",
            "digest": {
                "length": 3224.0,
                "function_hash": "246136244445171702857622217714330817191"
            },
            "target": {
                "file": "lib/ws.c",
                "function": "curl_ws_send"
            },
            "deprecated": false,
            "id": "CURL-CVE-2025-5399-5c67c32b",
            "signature_type": "Function"
        },
        {
            "source": "https://github.com/curl/curl.git/commit/d1145df24de8f80e6b167fbc4f28b86bcd0c6832",
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "205927081312732682779716038169572163720",
                    "200262896965368108989613347175457420328",
                    "191061302736480628505507033467536312329",
                    "305720063265502571742731976555669608845"
                ]
            },
            "target": {
                "file": "lib/ws.c"
            },
            "deprecated": false,
            "id": "CURL-CVE-2025-5399-7940916e",
            "signature_type": "Line"
        }
    ]
}