Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-tsj1-ebsc-zbhm

Summary

Impact

Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support.

An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating a congestion-controlled data transfer towards itself. Then, it could manipulate the victim's congestion control state by sending ACK frames exercising an opportunistic ACK attack; see RFC 9000 Section 21.4. The victim could grow the congestion window beyond typical expectations and allow more bytes in flight than the path might really support.



Patches


quiche 0.24.4 is the earliest version containing the fix for this issue.

Aliases

alias	CVE-2025-4820

Fixed_packages

url	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=armv7&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=armv7&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=loongarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=loongarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=x86&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=x86&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=x86&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=aarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=aarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=aarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=armhf&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=armhf&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=armhf&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=ppc64le&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=ppc64le&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=riscv64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=riscv64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=riscv64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=s390x&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=s390x&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=s390x&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=x86_64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=aarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=ppc64le&distroversion=edge&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=ppc64le&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=ppc64le&distroversion=edge&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=x86&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=x86&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=x86&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=armhf&distroversion=edge&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=armhf&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=armhf&distroversion=edge&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=armv7&distroversion=edge&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=armv7&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=armv7&distroversion=edge&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=riscv64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=riscv64&distroversion=edge&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=s390x&distroversion=edge&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=s390x&distroversion=edge&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=armhf&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=armhf&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=ppc64le&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=ppc64le&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=s390x&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=s390x&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=s390x&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=x86_64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=x86_64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=x86_64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=loongarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=loongarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=loongarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=x86&distroversion=edge&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=x86_64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=x86_64&distroversion=edge&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=aarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=aarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=aarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=armv7&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=armv7&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=armv7&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=loongarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=loongarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4820

reference_id

reference_type

scores

value	0.00335
scoring_system	epss
scoring_elements	0.563
published_at	2026-04-02T12:55:00Z

value	0.00335
scoring_system	epss
scoring_elements	0.56354
published_at	2026-04-08T12:55:00Z

value	0.00335
scoring_system	epss
scoring_elements	0.56359
published_at	2026-04-09T12:55:00Z

value	0.00335
scoring_system	epss
scoring_elements	0.56369
published_at	2026-04-11T12:55:00Z

value	0.00335
scoring_system	epss
scoring_elements	0.56345
published_at	2026-04-12T12:55:00Z

value	0.00335
scoring_system	epss
scoring_elements	0.56327
published_at	2026-04-13T12:55:00Z

value	0.00335
scoring_system	epss
scoring_elements	0.56322
published_at	2026-04-04T12:55:00Z

value	0.00335
scoring_system	epss
scoring_elements	0.56302
published_at	2026-04-07T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75062
published_at	2026-04-21T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75064
published_at	2026-04-16T12:55:00Z

value	0.0086
scoring_system	epss
scoring_elements	0.75072
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4820

reference_url

https://github.com/cloudflare/quiche/security/advisories/GHSA-2v9p-3p3h-w56j

reference_id

GHSA-2v9p-3p3h-w56j

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-18T18:27:27Z/

url

https://github.com/cloudflare/quiche/security/advisories/GHSA-2v9p-3p3h-w56j

Weaknesses

cwe_id	770
name	Allocation of Resources Without Limits or Throttling
description	The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

Exploits

Severity_range_score 5.3 - 5.3

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tsj1-ebsc-zbhm

Vulnerability Instance