CNNVD-202510-2485 Information

CNNVD ID

CNNVD-202510-2485

CVE-2025-59043

  • CNNVD Published: 2025-10-17

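Description (translated from Chinese)

OpenBao is open-source software from OpenBao for managing sensitive data. Versions of OpenBao before 2.4.1 contain a resource management error vulnerability: a JSON object may occupy excessive memory after deserialization, which could lead to a denial-of-service attack.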

Description (English)

OpenBao is open-source software from OpenBao for managing sensitive data. Versions of OpenBao before 2.4.1 contain a resource management error vulnerability that stems from a JSON object possibly consuming excessive memory after deserialization, which could lead to a denial-of-service attack.

Hazard Level

High

Vulnerability Type

Resource management error

Affected Vendor

OpenBao

Published

2025-10-17

Last Modified

2026-02-24

References

https://github.com/openbao/openbao/blob/788536bd3e10818a7b4fb00aac6affc23388e5a9/
https://github.com/openbao/openbao/commit/d418f238bc99adc72c73109faf574cc2b672880c
https://github.com/openbao/openbao/pull/1756
https://github.com/openbao/openbao/security/advisories/GHSA-g46h-2rq9-gw5m

Patch

https://github.com/openbao/openbao/releases
