CNNVD-202511-893 Information
CNNVD ID
CNNVD-202511-893
Related CVE
-
CNNVD Published: 2025-11-10
Description
Bugsink is an open-source, self-hosted bug tracking software from Bugsink. Versions of Bugsink before 2.0.5 contain a security vulnerability: the server does not apply a maximum limit when processing highly compressed brotli streams, which can lead to memory exhaustion and denial-of-service attacks.
Hazard Level
High
Vulnerability Type
Other
Published
2025-11-10
Last Modified
2026-02-24
References
https://github.com/bugsink/bugsink/pull/266
https://github.com/google/brotli/issues/1375
https://github.com/bugsink/bugsink/commit/3f65544aab3ad5303d97009136640de97b0676a5
https://github.com/google/brotli/pull/1234
https://github.com/google/brotli/releases/tag/v1.2.0
https://github.com/google/brotli/commit/67d78bc41db1a0d03f2e763497748f2f69946627
https://github.com/google/brotli/issues/1327
https://github.com/bugsink/bugsink/security/advisories/GHSA-fc2v-vcwj-269v
https://access.redhat.com/security/cve/cve-2025-64508
Patch
https://github.com/bugsink/bugsink/releases