2353926 – (CVE-2025-30160) CVE-2025-30160 redlib: Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form

Bug 2353926 (CVE-2025-30160) - CVE-2025-30160 redlib: Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form

Summary: CVE-2025-30160 redlib: Redlib allows a Denial of Service via DEFLATE Decompre...

Keywords:
Status:	NEW
Alias:	CVE-2025-30160
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2354018 2354019
Blocks:
TreeView+	depends on / blocked

Reported:	2025-03-20 19:01 UTC by OSIDB Bzimport
Modified:	2025-03-21 11:30 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-03-20 19:01:27 UTC

Redlib is an alternative private front-end to Reddit. A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive memory consumption and potential system instability, which can be exploited to disrupt Redlib instances. This vulnerability is fixed in 0.36.0.

Note You need to log in before you can comment on or make changes to this bug.