Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ey97-9yys-7bha

Summary

Impact

Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support.

An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating a congestion-controlled data transfer towards itself. Then, it could manipulate the victim's congestion control state by sending ACK frames covering a large range of packet numbers (including packet numbers that had never been sent); see RFC 9000 Section 19.3. The victim could grow the congestion window beyond typical expectations and allow more bytes in flight than the path might really support. In extreme cases, the window might grow beyond the limit of the internal variable's type, leading to an overflow panic.



Patches


quiche 0.24.4 is the earliest version containing the fix for this issue.

Aliases

alias	CVE-2025-4821

Fixed_packages

url	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=armv7&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=armv7&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=loongarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=loongarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=x86&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=x86&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=x86&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=aarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=aarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=aarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=armhf&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=armhf&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=armhf&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=ppc64le&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=ppc64le&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=riscv64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=riscv64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=riscv64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=s390x&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=s390x&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=s390x&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/dnsdist@1.9.11-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=x86_64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=aarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=ppc64le&distroversion=edge&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=ppc64le&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=ppc64le&distroversion=edge&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=x86&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=x86&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=x86&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=armhf&distroversion=edge&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=armhf&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=armhf&distroversion=edge&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=armv7&distroversion=edge&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=armv7&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=armv7&distroversion=edge&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=riscv64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=riscv64&distroversion=edge&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=s390x&distroversion=edge&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=s390x&distroversion=edge&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=armhf&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=armhf&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=ppc64le&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=ppc64le&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=s390x&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=s390x&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=s390x&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=x86_64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=x86_64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=x86_64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=loongarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=loongarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=loongarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=x86&distroversion=edge&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=x86_64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=x86_64&distroversion=edge&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=aarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=aarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=aarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=armv7&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=armv7&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=armv7&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=loongarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=loongarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/dnsdist@2.0.1-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4821

reference_id

reference_type

scores

value	0.00324
scoring_system	epss
scoring_elements	0.55441
published_at	2026-04-02T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55444
published_at	2026-04-07T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55495
published_at	2026-04-09T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55505
published_at	2026-04-11T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55484
published_at	2026-04-12T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55467
published_at	2026-04-13T12:55:00Z

value	0.00324
scoring_system	epss
scoring_elements	0.55465
published_at	2026-04-04T12:55:00Z

value	0.00833
scoring_system	epss
scoring_elements	0.74635
published_at	2026-04-16T12:55:00Z

value	0.00833
scoring_system	epss
scoring_elements	0.74642
published_at	2026-04-18T12:55:00Z

value	0.00833
scoring_system	epss
scoring_elements	0.74634
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4821

reference_url

https://github.com/cloudflare/quiche/security/advisories/GHSA-6m38-4r9r-5c4m

reference_id

GHSA-6m38-4r9r-5c4m

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-18T18:29:42Z/

url

https://github.com/cloudflare/quiche/security/advisories/GHSA-6m38-4r9r-5c4m

Weaknesses

cwe_id	770
name	Allocation of Resources Without Limits or Throttling
description	The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

Exploits

Severity_range_score 7.5 - 7.5

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ey97-9yys-7bha

Vulnerability Instance