Home > Vulnerability Database > WS-2023-0421

Mend.io Vulnerability Database

WS-2023-0421

Date: August 19, 2025

In raklib from 14.x reliable-ordered queue size is unlimited, allowing a session to hog server memory. A client can send reliable-ordered packets 0, 2, 3, 4, 5 ... etc, and all the packets 2 and up will stay in the reliable-ordered queue until 1 arrives. A malicious client can exploit this to waste all available server memory by simply never sending the missing packet. Since the server doesn't make any effort to limit the size of the queue or detect this kind of abuse, this problem is easy to abuse. This is fixed in versions 0.14.6,0.15.1.

Language: PHP

Severity Score

5.3

Related Resources (4)

Url: https://github.com/pmmp/RakLib

Url: https://github.com/pmmp/RakLib/security/advisories/GHSA-w98g-5fmx-wm4x

Url: https://github.com/pmmp/RakLib/commit/371190f5854372154d1b263cd2a10e658e92bebe

Url: https://www.mend.io/vulnerability-database/WS-2023-0421

Severity Score

5.3

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

WS-2023-0421

Date: August 19, 2025

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?