LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LLitespeedtech Litespeed Web Adc
APPLitespeedtech< 3.3.1Litespeedtech Litespeed Web Server
APPLitespeedtech< 6.3.4Litespeedtech Lsquic
APPLitespeedtech< 4.3.1Litespeedtech Openlitespeed
APPLitespeedtech< 1.8.4
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Related vulnerabilities
CVE-2024-25678CRITICAL9.8PL ✓ten sam produkt
Błędna walidacja DCID w bibliotece LiteSpeed QUIC (LSQUIC)
CVE-2022-30592CRITICAL9.8ten sam produkt
liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY.
CVE-2020-5519CRITICAL9.8ten sam produkt
The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by t...
CVE-2026-31386HIGH8.6ten sam produkt
OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerabi...
CVE-2023-40518HIGH7.5ten sam produkt
LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers.