CVE-2025-24947

Name of the Vulnerable Software and Affected Versions LSQUIC versions prior to 4.2.0

Description A hash collision vulnerability in the hash table used to manage connections allows remote attackers to cause a considerable CPU load on the server by initiating connections with colliding Source Connection IDs (SCIDs). This is caused by XXH32 usage.

Recommendations For versions prior to 4.2.0, update to version 4.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the rate of new connections to minimize the risk of exploitation.