CVE-2025-5996 — Allocation of Resources Without Limits or Throttling in Gitlab

CWE-770 — Allocation of Resources Without Limits or Throttling CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.5%

top 34.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE +21 more

Timeline

PublishedJun 12

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow an authenticated user to cause denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages26 packages

▶CVEListV5gitlab/gitlab2.10 — 17.10.7+2

▶NVDgitlab/gitlab2.1.0 — 17.10.8+2

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

GHSA

GHSA-wjh7-hp74-8r7h: An issue has been discovered in GitLab CE/EE affecting all versions from 2↗2025-06-12

▶

OSV

CVE-2025-5996: An issue has been discovered in GitLab CE/EE affecting all versions from 2↗2025-06-12

▶

📋Vendor Advisories

GitLab

CVE-2025-5996: An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of↗2025-06-12

▶

Debian

CVE-2025-5996: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 b...↗2025

▶

Microsoft

Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code allows remote attackers to c↗2018-01-09

▶