Nixpkgs Security Tracker

Untriaged

Permalink CVE-2025-3864

created 1 month, 3 weeks ago

Connection pool exhaustion in hackney

Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit this to exhaust connection pools, causing denial of service in applications using the library. Fix for this issue has been included in 1.24.0 release.

References

https://github.com/benoitc/hackney/issues/717 issue-tracking
https://cert.pl/en/posts/2025/05/CVE-2025-3864/ third-party-advisory
https://github.com/benoitc/hackney/issues/717 issue-tracking
https://cert.pl/en/posts/2025/05/CVE-2025-3864/ third-party-advisory
https://github.com/benoitc/hackney/commit/8f13ddac50d1626f8b9a47a08bd599e4efe17… patch

Affected products

hackney

<1.24.0

Matching in nixpkgs

pkgs.hackneyed

Scalable cursor theme that resembles Windows 3.x/NT 3.x cursors

nixos-unstable 0.9.3
- nixpkgs-unstable 0.9.3
- nixos-unstable-small 0.9.3

Package maintainers

@somasis Kylie McClain <kylie@somas.is>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.hackneyed

Package maintainers