CVE-2025-55181 – Apache Quic HTTP Denial of Service (DoS)

CVE ID : CVE-2025-55181

Published : Dec. 2, 2025, 10:13 p.m. | 12 minutes ago

Description : Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuicCoroSession which blocks the backing event loop and unconditionally appends data to a std::vector per-loop iteration. This issue leads to unbounded memory growth and eventually causes the process to run out of memory.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…