CVE-2025-55163: Netty affected by MadeYouReset HTTP/2 DDoS vulnerability
The MadeYouReset DDoS vulnerability is a logical vulnerability in the HTTP/2 protocol. It uses malformed HTTP/2 control frames to break the max concurrent streams limit, which results in resource exhaustion and distributed denial of service.
References
- github.com/advisories/GHSA-prj3-ccx8-p6x4
- github.com/grpc/grpc-java/commit/6462ef9a11980e168c21d90bbc7245c728fd1a7a
- github.com/netty/netty
- github.com/netty/netty/commit/be53dc3c9acd9af2e20d0c3c07cd77115a594cf1
- github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4
- nvd.nist.gov/vuln/detail/CVE-2025-55163
Detect and mitigate CVE-2025-55163 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.