CVE-2025-6703

EPSS 0.26%
Veröffentlicht 26.06.2025 09:30:03
Zuletzt bearbeitet 03.12.2025 20:41:53
Quelle security@mozilla.org
CVE-Watchlists
Login
Unerledigt
Login

transport/fc.rs: panic attempting to send MAX_DATA with value larger max varint

Improper Input Validation vulnerability in Mozilla neqo leads to an unexploitable crash..This issue affects neqo: from 0.4.24 through 0.13.2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Neqo SwPlatformrust Version >= 0.4.24 <= 0.13.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.489

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
security@mozilla.org	2.3	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:L/U:Clear

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/mozilla/neqo/security/advisories/GHSA-jfv6-x22w-grhf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-6703

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-6703

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-6703

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-6703