- Advisory ID: CV_2025_06_1
- Issued: 2025-06-06
- Updated: 2025-06-06
- Additional Links:
Tomcat can trigger an OutOfMemoryError under specific conditions involving the TLS handshake process. Additionally, Tomcat improperly handles excessive HTTP headers in HTTP/2 streams, leading to incorrect infinite timeouts and open connections.
Commvault software does not use HTTP/2 streams and is therefore not affected.
Acknowledgments:
We thank NCIA researchers for responsibly disclosing this issue.
Impacted Products
This vulnerability does not affect Commvault products.
Resolution
None