CNNVD-202509-711 Information
CNNVD ID
CNNVD-202509-711
Related CVE
- CNNVD Published: 2025-09-05
Description (Chinese)
FS2是typelevel.scala开源的一个Scala的组合式流式I/O库。 FS2 3.12.2及之前版本和3.13.0-M1至3.13.0-M6版本存在资源管理错误漏洞,该漏洞源于TLS会话处理不当,可能导致拒绝服务攻击。
Description (English)
FS2 is a Scala modular flow I/O library from typelevel.scala. FS2 3.12.2 and previous versions and versions 3.1.3.0-M1 to 3.1.3.0-M6 contain an error in the management of resources resulting from the mishandling of TLS sessions, which may lead to a denial of service attack.
Hazard Level
High
Vulnerability Type
资源管理错误
Affected Vendor
typelevel.scala
Published
2025-09-05
Last Modified
2026-02-24
References
https://github.com/typelevel/fs2/commit/edf0c4f2e660360d1c1a8c5377ce32294de89238 https://github.com/typelevel/fs2/security/advisories/GHSA-rrw2-px9j-qffj https://github.com/typelevel/fs2/commit/5c6c4c6c1ef330f7e6b53661ecc63d5f5ba8885c https://github.com/typelevel/fs2/issues/3590 https://github.com/typelevel/fs2/commit/46e2dc3abf994dcf3d0b804b2ddb3c10c04d4976 https://github.com/typelevel/fs2/releases/tag/v3.12.2 https://github.com/typelevel/fs2/releases/tag/v3.13.0-M7 https://access.redhat.com/security/cve/cve-2025-58369
Patch
https://github.com/typelevel/fs2/releases
Share on: