VYPR
Medium severity 5.3 · OSV Advisory · Published Feb 20, 2025 · Updated Apr 15, 2026

CVE-2025-24947

Description

A hash collision vulnerability (in the hash table used to manage connections) in LSQUIC (aka LiteSpeed QUIC) before 4.2.0 allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs). This is caused by XXH32 usage.

Affected products

2
  • Litespeedtech/Lsquic · OSV · 2 versions
    1.11.0, 1.11.1, 1.12.0, …+ 1 more
    • (no CPE) range: 1.11.0, 1.11.1, 1.12.0, …
    • (no CPE) range: <4.2.0
