CNNVD-202508-024 Information

Aug 01, 2025 cve

CNNVD ID

CNNVD-202508-024

CVE-2025-54939

CNNVD Published: 2025-08-01

Description (Chinese)

Litespeed Technologie LiteSpeed QUIC（LSQUIC）是美国Litespeed Technologie公司的一种用于服务器和客户端的 QUIC 和 HTTP/3 功能的开源实现。 Litespeed Technologie LiteSpeed QUIC 4.3.1之前版本存在安全漏洞，该漏洞源于lsquic_engine_packet_in存在内存泄漏。

Description (English)

Litespeed QUIC (LSQUIC) is an open source of QUIC and HTTP/3 functions for servers and clients from the United States of America. There was a security loophole in the previous version of Liespeed Technologie LiteSpeed QUIC 4.3.1, which originated from a memory leak in lsquic engine packet in.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Litespeed Technologie

Published

2025-08-01

Last Modified

2026-02-24

References

https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23 https://github.com/litespeedtech/lsquic/blob/70486141724f85e97b08f510673e29f399bbae8f/CHANGELOG#L1-L3 https://www.imperva.com/blog/quic-leak-cve-2025-54939-new-high-risk-pre-handshake-remote-denial-of-service-in-lsquic-quic-implementation/ https://blog.litespeedtech.com/2025/08/18/litespeed-security-update/ https://nvd.nist.gov/vuln/detail/CVE-2025-54939 https://access.redhat.com/security/cve/cve-2025-54939

Share on: