CVE
CVE-2025-48989
| CVE ID |
CVE-2025-48989
|
|---|---|
| CVSS Score |
7.5
|
| Operating System | |
| Affected Versions | |
| Patched Versions |
8.5.112-OL
|
| Patch Date |
|
| Last Updated Date | |
| Vector String |
Additional Information
OL CVE Issue Summary:
Fix improves HTTP/2 connection handling to prevent excessive resource consumption caused by malicious stream lifecycle behavior, such as rapid stream creation and reset patterns. The update strengthens overhead accounting and connection protection
mechanisms to mitigate memory exhaustion and denial-of-service risks, adds safeguards to prevent abnormal client behavior from bypassing connection limits, and reduces the likelihood of Out-Of-Memory (OOM) conditions and connection instability when processing malformed or abusive HTTP/2 traffic.