CVE-2025-58369

Description

fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.1, and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service through TLS sessions in applications that use fs2-io on the JVM via the fs2.io.net.tls package. When establishing a TLS session, if one side of the connection shuts down its write side while the peer is still waiting for more data to progress the TLS handshake, the peer spin-loops on the socket read, fully utilizing one CPU core. The CPU stays consumed until the overall connection is closed, so an unauthenticated remote client that opens a connection, half-closes it mid-handshake and then simply holds it open can pin a core for as long as it likes, potentially taking down an fs2-io powered server. This issue is fixed in versions 2.5.13, 3.12.2, and 3.13.0-M7.
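The failure mode described above, as an added example that is not fs2's code: a Python (not Scala) reconstruction of the loop that drives a TLS handshake, built over in-memory BIOs so it runs offline with no server. The vulnerable loop treats an empty read (the peer shut down its write side) as "no data yet" and retries, which is the spin described in the advisory; the hardened loop treats the empty read as EOF, hands it to the TLS engine and fails the handshake. The peer function and the SPIN_LIMIT bound are constructed for the demonstration, and since the page carries no patch details, the hardened variant shows the general principle rather than fs2's actual fix.

```python
import ssl

# Bound on retries so the demonstration of the bug terminates instead of
# pinning a core the way the real defect does (constructed for the example).
SPIN_LIMIT = 1000


def make_client():
    """Client-side TLS state machine over in-memory BIOs (no network, no certs)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # no real server, so no verification to do
    ctx.verify_mode = ssl.CERT_NONE
    incoming = ssl.MemoryBIO()      # bytes "received" from the peer
    outgoing = ssl.MemoryBIO()      # bytes to be sent to the peer
    sslobj = ctx.wrap_bio(incoming, outgoing, server_side=False,
                          server_hostname="example.com")  # hypothetical SNI name
    return sslobj, incoming, outgoing


def peer_that_closes_immediately(outgoing_wire):
    """Constructed transport: the peer shut down its write side right after our
    ClientHello went out, so every socket read returns EOF (empty bytes)."""
    outgoing_wire.read()  # drain what we "sent"; the peer never answers
    return b""


def spinning_handshake(transport_read):
    """Vulnerable pattern: an empty read is handled like 'need more data' and
    the loop immediately retries, consuming CPU until the connection dies."""
    sslobj, incoming, outgoing = make_client()
    iterations = 0
    while True:
        try:
            sslobj.do_handshake()
            return "completed", iterations
        except ssl.SSLWantReadError:
            data = transport_read(outgoing)
            incoming.write(data)        # writing b"" changes nothing ...
            iterations += 1             # ... so we come straight back here
            if iterations >= SPIN_LIMIT:
                return "spinning", iterations


def eof_aware_handshake(transport_read):
    """Hardened pattern: an empty read is EOF. Tell the TLS engine, let it
    report the truncated handshake, and fail the connection instead of retrying."""
    sslobj, incoming, outgoing = make_client()
    iterations = 0
    while True:
        try:
            sslobj.do_handshake()
            return "completed", iterations
        except ssl.SSLWantReadError:
            data = transport_read(outgoing)
            iterations += 1
            if not data:
                incoming.write_eof()    # surface the half-close to OpenSSL
                try:
                    sslobj.do_handshake()
                except ssl.SSLError:    # e.g. SSLEOFError: EOF in violation of protocol
                    pass
                return "failed-eof", iterations
            incoming.write(data)


if __name__ == "__main__":
    print(spinning_handshake(peer_that_closes_immediately))   # ('spinning', 1000)
    print(eof_aware_handshake(peer_that_closes_immediately))  # ('failed-eof', 1)
```

The distinction to carry into any hand-rolled handshake or read loop is that a zero-length read is a terminal event, not a transient one: the correct reaction is to propagate EOF into the TLS layer and close the session, never to re-poll.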

Risk Information

Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
Exploitation Probability
0.207

Associated Vulnerability

Vulnerability: CVE-2025-58369 (Fs2)

Package            Version   Status     OS Platform
fs2-io_2.12        3.12.2    fixed      Windows
fs2-io_2.12        3.13.0    fixed      Windows
fs2-io_2.12        2.5.13    fixed      Windows
fs2-io_2.13        3.12.2    fixed      Windows
fs2-io_2.13        3.13.0    fixed      Windows
fs2-io_2.13        2.5.13    fixed      Windows
fs2-io_3           3.12.2    fixed      Windows
fs2-io_3           3.13.0    fixed      Windows
fs2-io_3           2.5.13    fixed      Windows
fs2-io_2.12.0-RC2  2.5.12    affected   Windows
fs2-io_2.12        3.12.2    fixed      Linux
fs2-io_2.12        3.13.0    fixed      Linux
fs2-io_2.12        2.5.13    fixed      Linux
fs2-io_2.13        3.12.2    fixed      Linux
fs2-io_2.13        3.13.0    fixed      Linux
fs2-io_2.13        2.5.13    fixed      Linux
fs2-io_3           3.12.2    fixed      Linux
fs2-io_3           3.13.0    fixed      Linux
fs2-io_3           2.5.13    fixed      Linux
fs2-io_2.12.0-RC2  2.5.12    affected   Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2025-58369
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58369