CVE-2025-49176 Detail
Awaiting Analysis
This CVE record has been marked for NVD enrichment efforts.
Description
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
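The check ordering described above, as an added sketch rather than X server code: the function names, the 32-bit unsigned length counted in 4-byte units, and the 16 MiB limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: the length field counts 4-byte units in a 32-bit unsigned
 * integer. MAX_BYTES is a constructed limit, not a value from the page. */
#define MAX_BYTES (16u * 1024u * 1024u)

/* Flawed ordering: scale first, then compare. The 32-bit product wraps
 * modulo 2^32, so a very large unit count becomes a small byte count. */
static int length_ok_scaled_first(uint32_t len_units, uint32_t max_bytes)
{
    uint32_t len_bytes = len_units * 4u;   /* may wrap (CWE-190) */
    return len_bytes <= max_bytes;
}

/* Hardened ordering: compare in the original units, so the untrusted
 * value is never multiplied before the bound is enforced. */
static int length_ok_checked_first(uint32_t len_units, uint32_t max_bytes)
{
    return len_units <= max_bytes / 4u;
}

/* Alternative: widen before scaling and hand back the byte count only
 * when it is in range. Returns 0 on success, -1 when too large. */
static int length_to_bytes(uint32_t len_units, uint32_t max_bytes,
                           uint64_t *out_bytes)
{
    uint64_t len_bytes = (uint64_t)len_units * 4u;
    if (len_bytes > max_bytes)
        return -1;
    *out_bytes = len_bytes;
    return 0;
}

int main(void)
{
    /* Constructed sample lengths: small, at the limit, one past, wrapping. */
    const uint32_t samples[] = { 1024u, 4194304u, 4194305u, 0x40000001u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t bytes = 0;
        int widened = length_to_bytes(samples[i], MAX_BYTES, &bytes);
        printf("units=%#010x scaled_first=%d checked_first=%d widened=%s\n",
               (unsigned)samples[i],
               length_ok_scaled_first(samples[i], MAX_BYTES),
               length_ok_checked_first(samples[i], MAX_BYTES),
               widened == 0 ? "accept" : "reject");
    }
    return 0;
}
```

Only the last sample separates the functions: the scaled-first check accepts it because the product wraps to 4 bytes, while both hardened forms reject it.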
Metrics
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
CVSS 4.0 Severity and Vector Strings: NVD assessment not yet provided.
CVSS 3.x Severity and Vector Strings: Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
CVSS 2.0 Severity and Vector Strings: NVD assessment not yet provided.
References to Advisories, Solutions, and Tools
URL | Source(s) | Tag(s)
http://www.openwall.com/lists/oss-security/2025/06/18/2 | CVE |
https://access.redhat.com/errata/RHSA-2025:10258 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:10342 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:10343 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:10344 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:10346 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:10347 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:10348 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:10349 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:10350 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:10351 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:10352 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:10355 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:10356 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:10360 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:10370 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:10374 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:10375 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:10376 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:10377 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:10378 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:10381 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:10410 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:9303 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:9304 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:9305 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:9306 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:9392 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2025:9964 | Red Hat, Inc. |
https://access.redhat.com/security/cve/CVE-2025-49176 | Red Hat, Inc. |
https://bugzilla.redhat.com/show_bug.cgi?id=2369954 | Red Hat, Inc. |
https://gitlab.freedesktop.org/xorg/xserver/-/commit/03731b326a80b582e48d939fe62cb1e2b10400d9 | Red Hat, Inc. |
https://gitlab.freedesktop.org/xorg/xserver/-/commit/4fc4d76b2c7aaed61ed2653f997783a3714c4fe1 | Red Hat, Inc. |
https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html | CVE |
https://www.x.org/wiki/Development/Security/ | Red Hat, Inc. |
Weakness Enumeration
CWE-ID | CWE Name | Source
CWE-190 | Integer Overflow or Wraparound | Red Hat, Inc.
Change History
13 change records found
CVE Modified by Red Hat, Inc. 12/11/2025 8:15:59 AM
Action | Type | Old Value | New Value
Added | Reference | | https://www.x.org/wiki/Development/Security/
CVE Modified by Red Hat, Inc. 12/09/2025 5:16:10 PM
Action | Type | Old Value | New Value
Added | Reference | | https://gitlab.freedesktop.org/xorg/xserver/-/commit/03731b326a80b582e48d939fe62cb1e2b10400d9
Added | Reference | | https://gitlab.freedesktop.org/xorg/xserver/-/commit/4fc4d76b2c7aaed61ed2653f997783a3714c4fe1
CVE Modified by CVE 11/03/2025 3:19:08 PM
Action | Type | Old Value | New Value
Added | Reference | | https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html
CVE Modified by Red Hat, Inc. 7/07/2025 10:15:24 AM
Action | Type | Old Value | New Value
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:10381
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:10410
CVE Modified by Red Hat, Inc. 7/07/2025 4:15:24 AM
Action | Type | Old Value | New Value
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:10344
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:10346
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:10349
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:10350
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:10351
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:10352
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:10355
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:10356
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:10360
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:10370
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:10374
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:10375
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:10376
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:10377
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:10378
CVE Modified by Red Hat, Inc. 7/06/2025 11:15:26 PM
Action | Type | Old Value | New Value
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:10342
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:10343
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:10347
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:10348
CVE Modified by Red Hat, Inc. 7/02/2025 4:15:30 PM
Action | Type | Old Value | New Value
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:10258
CVE Modified by Red Hat, Inc. 6/30/2025 4:15:24 PM
Action | Type | Old Value | New Value
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:9964
CVE Modified by Red Hat, Inc. 6/30/2025 5:15:26 AM
Action | Type | Old Value | New Value
Added | CVSS V3.1 | | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Removed | CVSS V3.1 | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |
CVE Modified by Red Hat, Inc. 6/23/2025 3:15:24 PM
Action | Type | Old Value | New Value
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:9392
CVE Modified by Red Hat, Inc. 6/23/2025 3:15:19 AM
Action | Type | Old Value | New Value
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:9303
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:9304
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:9305
Added | Reference | | https://access.redhat.com/errata/RHSA-2025:9306
CVE Modified by CVE 6/18/2025 2:15:25 PM
Action | Type | Old Value | New Value
Added | Reference | | http://www.openwall.com/lists/oss-security/2025/06/18/2
New CVE Received from Red Hat, Inc. 6/17/2025 11:15:45 AM
Action | Type | Old Value | New Value
Added | Description | | A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
Added | CVSS V3.1 | | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Added | CWE | | CWE-190
Added | Reference | | https://access.redhat.com/security/cve/CVE-2025-49176
Added | Reference | | https://bugzilla.redhat.com/show_bug.cgi?id=2369954
Quick Info
CVE Dictionary Entry: CVE-2025-49176
NVD Published Date: 06/17/2025
NVD Last Modified: 12/11/2025
Source: Red Hat, Inc.