Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-25678

In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.

Published

2024-02-09T10:15:08.683

Last Modified

2025-06-20T21:15:22.707

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-354

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	litespeedtech	lsquic	< 4.0.4	Yes

References

https://github.com/litespeedtech/lsquic/commit/515f453556c99d27c4dddb5424898dc1a5537708 Patch ([email protected])
https://github.com/litespeedtech/lsquic/releases/tag/v4.0.4 Release Notes ([email protected])
https://www.rfc-editor.org/rfc/rfc9001 Not Applicable ([email protected])
https://github.com/litespeedtech/lsquic/commit/515f453556c99d27c4dddb5424898dc1a5537708 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/litespeedtech/lsquic/releases/tag/v4.0.4 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://www.rfc-editor.org/rfc/rfc9001 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)