CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24947
https://notcve.org/view.php?id=CVE-2025-24947
20 Feb 2025 — A hash collision vulnerability (in the hash table used to manage connections) in LSQUIC (aka LiteSpeed QUIC) before 4.2.0 allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs). This is caused by XXH32 usage. • https://github.com/litespeedtech/lsquic/releases/tag/v4.2.0 • CWE-407: Inefficient Algorithmic Complexity •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25678
https://notcve.org/view.php?id=CVE-2024-25678
09 Feb 2024 — In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled. En LiteSpeed QUIC (LSQUIC) Library anterior a 4.0.4, la validación de DCID se maneja mal. • https://github.com/litespeedtech/lsquic/commit/515f453556c99d27c4dddb5424898dc1a5537708 •
CVSS: 9.8EPSS: 32%CPEs: 1EXPL: 1CVE-2022-30592
https://notcve.org/view.php?id=CVE-2022-30592
11 May 2022 — liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY. El archivo liblsquic/lsquic_qenc_hdl.c en LiteSpeed QUIC (también se conoce como LSQUIC) versiones anteriores a 3.1.0, maneja inapropiadamente MAX_TABLE_CAPACITY • https://github.com/efchatz/HTTP3-attacks • CWE-476: NULL Pointer Dereference •