Home > Vulnerability Database > CVE-2025-29908

Mend.io Vulnerability Database

CVE-2025-29908

Good to know:

Date: March 31, 2025

Netty QUIC codec is a QUIC codec for netty which makes use of quiche. An issue was discovered in the codec. A hash collision vulnerability (in the hash map used to manage connections) allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs). This vulnerability is fixed in 0.0.71.Final.

Severity Score

5.3

Related Resources (6)

Url: https://github.com/netty/netty-incubator-codec-quic

Url: https://github.com/ncc-pbottine/QUIC-Hash-Dos-Advisory

Url: https://github.com/netty/netty-incubator-codec-quic/commit/e059bd9b78723f8b035e0c547e42ce263f03461c

Url: https://github.com/netty/netty-incubator-codec-quic/security/advisories/GHSA-hqqc-jr88-p6x2

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-29908

Url: https://www.mend.io/vulnerability-database/CVE-2025-29908

Severity Score

5.3

Weakness Type (CWE)

Inefficient Algorithmic Complexity

CWE-407

Top Fix

Upgrade Version

Upgrade to version io.netty.incubator:netty-incubator-codec-classes-quic:0.0.71.Final;https://github.com/netty/netty-incubator-codec-quic.git - netty-incubator-codec-parent-quic-0.0.71.Final

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-29908

Good to know:

Date: March 31, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?