Bug 2392939 (CVE-2025-52494)
| Summary: | CVE-2025-52494 aws: AdaCore AWS: Missing SSL handshake timeout can cause denial of service | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | --- |
| Doc Text: | A flaw was found in AdaCore Web Server (AWS) where the server does not enforce a timeout during the SSL handshake when clients connect over HTTPS. Attackers can exploit this by sending specially crafted handshake messages that never complete, tying up the server's worker threads and preventing it from serving legitimate requests, resulting in a denial of service. | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 2402592, 2402593 | | |
| Bug Blocks: | | | |

Description
OSIDB Bzimport
2025-09-03 18:01:20 UTC