CVE-2025-3864
Description
Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit this to exhaust connection pools, causing denial of service in applications using the library. Fix for this issue has been included in 1.24.0 release.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-3864? +
How do I check if I'm vulnerable to CVE-2025-3864? +
Related Vulnerabilities
thread-amount is a tool that gets the amount of threads in the current process. Prior to version 0.2.2, there are …
An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race …
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the …
A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted …
This issue was addressed by improved management of object lifetimes. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma …
When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual …