CVE-2025-54939 | THREATINT

Description

LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.

PUBLISHED Reserved 2025-08-01 | Published 2025-08-01 | Updated 2025-08-20 | Assigner mitre

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem types

CWE-770 Allocation of Resources Without Limits or Throttling

Product status

Default status

unaffected

Any version before 4.3.1

affected

References

github.com/...6141724f85e97b08f510673e29f399bbae8f/CHANGELOG

github.com/...ommit/4cd9252e77fb4a36b572e2167a84067d603d3b23

www.imperva.com/...of-service-in-lsquic-quic-implementation/

blog.litespeedtech.com/2025/08/18/litespeed-security-update/

cve.org (CVE-2025-54939)

nvd.nist.gov (CVE-2025-54939)

Download JSON

help @ threatint.eu