THREATINT
PUBLISHED

CVE-2025-30160

Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form



Description

Redlib is an alternative private front-end to Reddit. A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DoS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive memory consumption and potential system instability, which can be exploited to disrupt Redlib instances. This vulnerability is fixed in 0.36.0.
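The general mitigation for this class of bug (CWE-400), as an added example that is not Redlib's code and not the patch in the referenced commits: inflate untrusted input with hard caps on both the compressed bytes accepted and the bytes produced. It assumes the base2048 decoding step has already yielded `data` and that the stream is raw DEFLATE; the cap values and all function names are illustrative.

```python
import zlib

# Assumed limits for illustration; size them to the largest legitimate payload.
MAX_ENCODED_BYTES = 16 * 1024   # cap on the compressed bytes accepted
MAX_DECODED_BYTES = 64 * 1024   # cap on the bytes inflate may produce
CHUNK = 4096                    # output produced per decompress() call


class PayloadTooLarge(ValueError):
    """Input or output exceeded its configured cap."""


def bounded_inflate(data, max_in=MAX_ENCODED_BYTES, max_out=MAX_DECODED_BYTES):
    """Inflate a raw DEFLATE stream without ever buffering more than max_out + 1 bytes."""
    if len(data) > max_in:
        raise PayloadTooLarge(f"compressed input {len(data)} > {max_in} bytes")
    d = zlib.decompressobj(wbits=-15)  # assumption: raw DEFLATE, no zlib/gzip header
    out, buf = bytearray(), data
    try:
        while not d.eof:
            # max_length must stay >= 1: zero means "unlimited" to zlib.
            room = max_out - len(out) + 1
            chunk = d.decompress(buf, min(CHUNK, room))
            out += chunk
            if len(out) > max_out:
                raise PayloadTooLarge(f"decompressed output exceeds {max_out} bytes")
            buf = d.unconsumed_tail
            if not d.eof and not chunk and not buf:
                raise ValueError("truncated DEFLATE stream")
    except zlib.error as exc:
        raise ValueError(f"invalid DEFLATE stream: {exc}") from exc
    return bytes(out)


def raw_deflate(plain):
    """Helper used only to construct the sample inputs below."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(plain) + c.flush()


if __name__ == "__main__":
    ok = raw_deflate(b'{"theme":"dark"}')         # constructed, benign
    big = raw_deflate(b"\0" * (4 * 1024 * 1024))  # constructed, highly compressible
    print(bounded_inflate(ok))
    try:
        bounded_inflate(big)
    except PayloadTooLarge as exc:
        print("rejected:", exc)
```

The output cap is enforced while streaming, so the oversized payload is rejected after at most `max_out + 1` bytes have been buffered rather than after the full expansion.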

Reserved 2025-03-17 | Published 2025-03-20 | Updated 2025-03-20 | Assigner GitHub_M


HIGH: 8.7 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-400: Uncontrolled Resource Consumption

CWE-502: Deserialization of Untrusted Data

Product status

< 0.36.0
affected

References

github.com/...redlib/security/advisories/GHSA-g8vq-v3mg-7mrg

github.com/...ommit/15147cea8e42f6569a11603d661d71122f6a02dc

github.com/...ommit/2e95e1fc6e2064ccfae87964b4860bda55eddb9a

cve.org (CVE-2025-30160)

nvd.nist.gov (CVE-2025-30160)
