CVE-2025-24946 Information

Description

The hash table used to manage connections in picoquic before b80fd3f uses a weak hash function allowing remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs).

Reference

https://github.com/ncc-pbottine/QUIC-Hash-Dos-Advisory https://github.com/private-octopus/picoquic/commit/b80fd3f5903279ae3e7714ee4109363d9ab4491a