Medium severity5.3NVD Advisory· Published Feb 20, 2025· Updated Apr 15, 2026

CVE-2025-24946

Description

The hash table used to manage connections in picoquic before b80fd3f uses a weak hash function, allowing remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs).

Patches

b80fd3f59032

https://github.com/private-octopus/picoquicvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/private-octopus/picoquic/commit/b80fd3f5903279ae3e7714ee4109363d9ab4491anvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000