Ncc-Pbottine

**Name of the Vulnerable Software and Affected Versions** Kwik versions prior to 0.10.1 **Description** A hash collision vulnerability in the hash table used to manage connections allows remote attackers to cause a considerable CPU load on the server by initiating connections with colliding Source Connection IDs (`SCIDs`). This results in a Hash DoS attack. **Recommendations** For versions prior to 0.10.1, update to version 0.10.1 or later to resolve the issue. As a temporary workaround, consider implementing measures to limit the impact of excessive connection requests on the server, such as rate limiting or IP blocking, until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** picoquic versions before b80fd3f **Description** The hash table used to manage connections in picoquic uses a weak hash function, allowing remote attackers to cause a considerable CPU load on the server by initiating connections with colliding Source Connection IDs (SCIDs), resulting in a Hash DoS attack. **Recommendations** For picoquic versions before b80fd3f, update to a version after b80fd3f to resolve the issue. As a temporary workaround, consider implementing measures to detect and prevent connections with colliding Source Connection IDs (SCIDs) to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LSQUIC versions prior to 4.2.0 **Description** A hash collision vulnerability in the hash table used to manage connections allows remote attackers to cause a considerable CPU load on the server by initiating connections with colliding Source Connection IDs (SCIDs). This is caused by XXH32 usage. **Recommendations** For versions prior to 4.2.0, update to version 4.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the rate of new connections to minimize the risk of exploitation.