CVE-2025-3864
Description
Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit this to exhaust connection pools, causing denial of service in applications using the library. Fix for this issue has been included in 1.24.0 release.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-3864? +
How do I check if I'm vulnerable to CVE-2025-3864? +
Related Vulnerabilities
thread-amount is a tool that gets the amount of threads in the current process. Prior to version 0.2.2, there are …
An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race …
A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted …
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the …
IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by …
A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of …