CVE-2025-54939
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-01
Last updated on: 2025-08-27
Assigner: MITRE
Description
Description
LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| litespeedtech | litespeed_web_adc | to 3.3.1 (exc) |
| litespeedtech | litespeed_web_server | to 6.3.4 (exc) |
| litespeedtech | lsquic | to 4.3.1 (exc) |
| litespeedtech | openlitespeed | to 1.8.4 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory leak in the LiteSpeed QUIC (LSQUIC) Library versions before 4.3.1, specifically in the lsquic_engine_packet_in component. A memory leak means that the software improperly manages memory allocations, causing it to consume more memory over time without releasing it.
How can this vulnerability impact me? :
The memory leak can lead to increased memory usage, which may degrade system performance or cause the application to crash or become unavailable due to resource exhaustion.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70