Medium severity5.3OSV Advisory· Published Feb 20, 2025· Updated Apr 15, 2026
CVE-2025-24947
CVE-2025-24947
Description
A hash collision vulnerability (in the hash table used to manage connections) in LSQUIC (aka LiteSpeed QUIC) before 4.2.0 allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs). This is caused by XXH32 usage.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21.11.0, 1.11.1, 1.12.0, …+ 1 more
- (no CPE)range: 1.11.0, 1.11.1, 1.12.0, …
- (no CPE)range: <4.2.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.