CNNVD-202509-2679 Information

CNNVD ID

CNNVD-202509-2679

CVE-2025-59348

  • CNNVD Published: 2025-09-17

Description (Chinese)

Dragonfly是DragonflyDB开源的一个框架,可以对任何内容类型进行动态处理。 Dragonfly 2.1.0之前版本存在安全漏洞,该漏洞源于未初始化变量n被用作AddTraffic方法调用的保护条件,导致usedTraffic字段未更新,可能引发拒绝服务攻击。

Description (English)

Dragonfly is an open-source framework from DragonflyDB that can dynamically process any content type. Versions of Dragonfly before 2.1.0 contain a security vulnerability: the uninitialized variable n is used as the guard condition for the AddTraffic method call, so the usedTraffic field is not updated, which may lead to a denial-of-service attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

如梦技术

Published

2025-09-17

Last Modified

2026-02-24

References

https://github.com/dragonflyoss/dragonfly/blob/main/docs/security/dragonfly-comprehensive-report-2023.pdf

https://github.com/dragonflyoss/dragonfly/security/advisories/GHSA-2qgr-gfvj-qpcr

Patch

https://d7y.io/
