- Description
- Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit this to exhaust connection pools, causing denial of service in applications using the library. Fix for this issue has been included in 1.24.0 release.
- Source
- cvd@cert.pl
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 2.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- LOW
- cvd@cert.pl
- CWE-772
- Hype score
- Not currently trending
CVE-2025-3864 Hackney HTTP Connection Pool Exhaustion Vulnerability in Elixir Library https://t.co/BWyjaLmZQt
@VulmonFeeds
28 May 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3864 Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit this to exhaust connection … https://t.co/H1GGd5mhf5
@CVEnew
28 May 2025
453 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes