Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Default no-auth network exposure gives AV:N/AC:L/PR:N/UI:N; single command crashes the whole process for A:H, with no confidentiality or integrity impact.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process (SIGSEGV). Because DragonflyDB requires no authentication by default and RESTORE is a normal keyspace command, an unauthenticated remote attacker can crash the server with a single ~24-byte command - a remote, repeatable denial of service. This vulnerability is fixed in 1.39.0.
AnalysisAI
Remote denial of service in DragonflyDB before 1.39.0 lets an unauthenticated attacker crash the entire server with a single ~24-byte RESTORE command carrying a malformed listpack payload, triggering an out-of-bounds read (SIGSEGV). Because Dragonfly ships with no authentication enabled by default and RESTORE is an ordinary keyspace command, any client that can reach the port can repeatedly kill the process. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker needs network reachability to the DragonflyDB port and the ability to send a RESTORE command - both satisfied by default, since Dragonfly requires no authentication out of the box and RESTORE is a standard keyspace command (AV:N/AC:L/PR:N/UI:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | All signals point to a genuine, easy-to-trigger availability threat rather than a paper-tiger high score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach an internet-exposed or shared-network DragonflyDB instance (which by default requires no authentication) opens a connection and issues a single RESTORE command with a crafted listpack-encoded payload whose interior string entry declares a length of 0x7fffffff. The server's shallow listpack validation passes the header, then reads out of bounds and dies with SIGSEGV, dropping all clients; the attacker simply re-sends the command after each restart for a sustained outage. … |
| Remediation | Vendor-released patch: upgrade to DragonflyDB 1.39.0 or later, which enforces deep listpack integrity validation on RESTORE payloads. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: identify all DragonflyDB instances in production environments and document current versions. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Dragonfly P2P file distribution system versions 2.4.1-rc.0 and below have a missing authentication vulnerability allowin
An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write
Dragonfly is an open source P2P-based file distribution and image acceleration system. Rated high severity (CVSS 7.7), t
Dragonfly is an open source P2P-based file distribution and image acceleration system. Rated high severity (CVSS 7.7), t
Dragonfly is a Java runtime dependency management library. Rated high severity (CVSS 7.5), this vulnerability is remotel
DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted
DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon c
Dragonfly is an open source P2P-based file distribution and image acceleration system. Rated medium severity (CVSS 5.5),
RESP protocol injection in Dragonfly's EvalSerializer allows an authenticated low-privilege user to embed raw CRLF seque
Dragonfly is an open source P2P-based file distribution and image acceleration system. Rated medium severity (CVSS 5.5),
Dragonfly is an open source P2P-based file distribution and image acceleration system. Rated medium severity (CVSS 6.9),
Dragonfly is an open source P2P-based file distribution and image acceleration system. Rated low severity (CVSS 2.7), th
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39811