CVE-2025-30160
📋 TL;DR
Redlib versions before 0.36.0 let an attacker cause denial of service by submitting a base2048-encoded DEFLATE decompression bomb to the restore_preferences form. The server decodes and inflates the submission without bounding the output, so a modest request can expand to roughly a thousand times its size, exhausting memory and destabilising the instance. Every Redlib instance running a vulnerable version is affected.
💻 Affected Systems
- Redlib
📦 What is this software?
Redlib (maintained by the redlib-org project, a continuation of Libreddit) is an alternative, privacy-focused front end for Reddit written in Rust. It keeps user preferences client-side and lets users export and restore them as an encoded string; the restore form that accepts that string is the component this issue concerns.
⚠️ Risk & Real-World Impact
Worst Case
Complete service outage with potential system crashes requiring manual intervention to restore functionality.
Likely Case
Temporary service degradation or unavailability until memory is freed or the process restarts.
If Mitigated
Minimal impact with proper input validation and resource limits in place.
🎯 Exploit Status
Exploitation is low effort: a decompression bomb is a small, highly repetitive input compressed with DEFLATE and then base2048-encoded, which is exactly the format the restore_preferences form expects. Redlib has no user accounts, so the form is reachable by anyone who can reach the instance.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.36.0
Vendor Advisory: https://github.com/redlib-org/redlib/security/advisories/GHSA-g8vq-v3mg-7mrg
Restart Required: Yes
Instructions:
1. Update Redlib to version 0.36.0 or later: pull the new container image, download the new release binary, or rebuild from source.
2. Restart the Redlib process or recreate the container. The fix is compiled into the binary, so a running instance keeps serving the vulnerable code until the process is replaced.
3. Confirm the running instance reports version 0.36.0 or later.
🔧 Temporary Workarounds
Disable the restore_preferences endpoint
Temporarily block the vulnerable endpoint until patching is possible.
Deny the route at the reverse proxy in front of Redlib, or otherwise restrict who can reach the restore form.
Implement input size limits
Cap the size of data accepted by the restore_preferences endpoint, at the proxy (nginx's client_max_body_size directive, for instance) or in the application.
Set the cap in the low kilobytes rather than at 1 MB: a legitimate preference export is tiny, while DEFLATE can expand its input by roughly 1000:1, so a 1 MB request could still inflate to about 1 GB. A size cap only bounds the damage per request; it is a stopgap, not a replacement for the patch.
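The following Python example is added here to show the failure the TL;DR describes and the bound a mitigation needs; it is not Redlib's code (Redlib is written in Rust). It assumes the preference blob is a zlib/DEFLATE stream and stands in for the base2048 text layer with raw bytes, because the ceiling has to be enforced on the decompressed output whatever transport encoding the bytes arrive in. `unsafe_restore` is the unbounded pattern, `safe_restore` the hardened one, and `make_bomb` builds the constructed attacker input; the 64 KiB ceiling is an assumed value.

```python
import zlib

# Ceiling for a restored preference blob. A real export is a few hundred
# bytes; 64 KiB is an assumed, generous upper bound for this example.
MAX_DECOMPRESSED = 64 * 1024


def export_prefs(prefs: bytes) -> bytes:
    """Stand-in for the export side: compress the preference bytes."""
    return zlib.compress(prefs)


def make_bomb(decompressed_size: int) -> bytes:
    """Constructed attacker input: a run of zeros compressed with DEFLATE.

    DEFLATE encodes long repeats as back-references, so the output is
    roughly 1/1000 the size of the input. The base2048 step is omitted.
    """
    return zlib.compress(b"\x00" * decompressed_size, level=9)


def unsafe_restore(blob: bytes) -> bytes:
    """Vulnerable pattern: inflate whatever the client sent, no ceiling.

    The size of the allocation is chosen entirely by the attacker.
    """
    return zlib.decompress(blob)


def safe_restore(blob: bytes, limit: int = MAX_DECOMPRESSED) -> bytes:
    """Hardened pattern: inflate at most `limit` bytes and refuse the rest.

    decompressobj.decompress(data, max_length) stops producing output once
    max_length bytes exist and parks the unread input in unconsumed_tail,
    so the process never holds more than limit + 1 bytes of output no
    matter how far the stream would inflate. Asking for limit + 1 lets a
    stream of exactly `limit` bytes reach end-of-stream and be accepted.
    Malformed input raises zlib.error, which the caller should treat as a
    rejection too.
    """
    inflater = zlib.decompressobj()
    out = inflater.decompress(blob, limit + 1)
    if len(out) > limit or not inflater.eof:
        raise ValueError(f"preference blob inflates past {limit} bytes or is truncated")
    return out


def compression_ratio(blob: bytes) -> float:
    """Inflated size divided by on-wire size; large values signal a bomb."""
    return len(unsafe_restore(blob)) / len(blob)


if __name__ == "__main__":
    bomb = make_bomb(32 * 1024 * 1024)
    print(f"bomb: {len(bomb)} bytes on the wire, ratio {compression_ratio(bomb):.0f}:1")
    try:
        safe_restore(bomb)
    except ValueError as exc:
        print("rejected:", exc)
```

The ratio printed for the constructed bomb is close to DEFLATE's ceiling of about 1032:1, which is why a request-size cap alone has to be set in kilobytes to be useful, and why the real fix is a limit on decompressed output rather than on input.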
🧯 If You Can't Patch
- Implement rate limiting on the restore_preferences endpoint so a single source cannot queue up many inflations at once
- Deploy a WAF in front of the instance, with the caveat that it only helps if it can decode base2048 before inspecting the submission; most cannot, so in practice the useful WAF rule is a tight size and rate limit on that path
🔍 How to Verify
Check if Vulnerable:
Any Redlib build earlier than 0.36.0 is vulnerable.
Check Version:
Run the binary with --version, read the version string the instance shows in its own web UI, or inspect the tag of the container image you deployed (for Docker installs, docker image inspect on the running image).
Verify Fix Applied:
Confirm the running process reports 0.36.0 or later, then submit a deliberately oversized or malformed preference blob to the restore_preferences form and confirm it is rejected without a memory spike on the host.
📡 Detection & Monitoring
Log Indicators:
- Unusually large POST requests to restore_preferences endpoint
- Spikes in memory usage followed by service degradation
- Error logs related to memory allocation failures
Network Indicators:
- Large base2048-encoded payloads sent to Redlib instances
- Multiple rapid requests to restore_preferences endpoint
SIEM Query:
(source="redlib" AND uri_path="/restore_preferences" AND request_size>4096) OR (process="redlib" AND memory_usage>90)
Keep the parentheses so the two conditions are evaluated separately, and set the request_size threshold a little above the largest legitimate export you observe: bombs need only kilobytes on the wire per megabyte inflated, so a 1000000-byte threshold would miss most of them.
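Added Python example, not Redlib's code, that applies the log indicators above to reverse-proxy access logs. It assumes an nginx-style log_format of `$time_iso8601 $remote_addr "$request" $request_length $status` so that the request size (headers included) is logged; the sample lines are constructed, the /restore_preferences path is this page's placeholder for wherever your deployment serves the restore form, and the 4 KiB and 5-per-minute thresholds are assumptions to tune against your own traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

RESTORE_PATH = "/restore_preferences"    # page's placeholder route; adjust to your deployment
MAX_REQUEST_LENGTH = 4096                # assumed: a real export is far smaller than this
BURST_LIMIT = 5                          # assumed: requests per source within BURST_WINDOW
BURST_WINDOW = timedelta(seconds=60)

# Constructed sample in the assumed format:
# $time_iso8601 $remote_addr "$request" $request_length $status
SAMPLE_LOG = """\
2025-03-18T10:00:01+00:00 203.0.113.7 "POST /restore_preferences HTTP/1.1" 842 302
2025-03-18T10:00:03+00:00 198.51.100.9 "GET /r/rust HTTP/1.1" 510 200
2025-03-18T10:00:05+00:00 203.0.113.7 "POST /restore_preferences HTTP/1.1" 73112 302
2025-03-18T10:00:06+00:00 203.0.113.7 "POST /restore_preferences HTTP/1.1" 73112 302
2025-03-18T10:00:07+00:00 203.0.113.7 "POST /restore_preferences HTTP/1.1" 73112 502
2025-03-18T10:00:08+00:00 203.0.113.7 "POST /restore_preferences HTTP/1.1" 73112 502
2025-03-18T10:00:09+00:00 203.0.113.7 "POST /restore_preferences HTTP/1.1" 73112 502
2025-03-18T10:01:30+00:00 198.51.100.9 "POST /restore_preferences HTTP/1.1" 910 302
"""

LINE_RE = re.compile(r'^(\S+) (\S+) "(\S+) (\S+) [^"]*" (\d+) (\d+)$')


def parse_line(line: str):
    """Split one access-log line into fields; None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, ip, method, target, req_len, status = m.groups()
    return {
        "ts": datetime.fromisoformat(ts),
        "ip": ip,
        "method": method,
        "path": target.split("?", 1)[0],   # drop any query string
        "request_length": int(req_len),
        "status": int(status),
    }


def detect(log_text: str):
    """Return (rule, ip, detail) findings for traffic to the restore form.

    Rule "oversized": the request is larger than any plausible export.
    Rule "burst": BURST_LIMIT requests from one source inside BURST_WINDOW,
    reported once, at the moment the sliding window first fills.
    Method is deliberately ignored: a bomb shows up in the request length
    whether it travels in a body or in a query string.
    """
    findings = []
    windows = defaultdict(deque)
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["path"] != RESTORE_PATH:
            continue
        if rec["request_length"] > MAX_REQUEST_LENGTH:
            findings.append(("oversized", rec["ip"], rec["request_length"]))
        window = windows[rec["ip"]]
        window.append(rec["ts"])
        while rec["ts"] - window[0] > BURST_WINDOW:
            window.popleft()
        if len(window) == BURST_LIMIT:
            findings.append(("burst", rec["ip"], len(window)))
    return findings


if __name__ == "__main__":
    for rule, ip, detail in detect(SAMPLE_LOG):
        print(f"{rule:9} {ip:15} {detail}")
```

Feed the script the proxy's access log rather than application output, since the proxy is where request sizes are recorded; the 502 responses in the constructed sample illustrate the service-degradation indicator that typically follows a successful bomb.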