LiteSpeed QUIC Library Memory Leak Vulnerability in Packet Processing

Vulnerability

A memory leak vulnerability has been identified in the LiteSpeed QUIC (LSQUIC) Library, specifically in versions prior to 4.3.1. The issue arises in the 'lsquic_engine_packet_in' function, where incoming packet data is not properly managed, leading to increased memory usage over time.

Impact

Exploitation of this vulnerability causes a memory leak, which can lead to increased memory consumption and potentially exhaust available system resources.

Reproduction

The vulnerability can be reproduced by using a version of the LiteSpeed QUIC Library prior to 4.3.1. When the 'lsquic_engine_packet_in' function processes incoming packets, it fails to release memory associated with the 'packet_in' data, causing a gradual increase in memory usage.

Remediation

Users can upgrade to LiteSpeed QUIC Library version 4.3.1 or later, where this memory leak has been fixed.
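Added example (not part of the original advisory or the LSQUIC project's code): one way to find vendored LSQUIC copies that predate the 4.3.1 fix is to read the LSQUIC_MAJOR_VERSION, LSQUIC_MINOR_VERSION and LSQUIC_PATCH_VERSION macros from each lsquic.h in a source tree. The function names and the sample tree below are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (4, 3, 1)  # first fixed release, per the advisory

# Version macros as defined in lsquic.h.
MACRO = re.compile(
    r"^\s*#\s*define\s+LSQUIC_(MAJOR|MINOR|PATCH)_VERSION\s+(\d+)\b", re.M)


def header_version(text):
    """Return (major, minor, patch) from lsquic.h text, or None if incomplete."""
    found = {name: int(num) for name, num in MACRO.findall(text)}
    try:
        return found["MAJOR"], found["MINOR"], found["PATCH"]
    except KeyError:
        return None


def audit(root):
    """Map each lsquic.h under root to (version, status)."""
    results = {}
    for hdr in sorted(Path(root).rglob("lsquic.h")):
        ver = header_version(hdr.read_text(errors="replace"))
        if ver is None:
            status = "unknown"  # macros missing: inspect by hand
        else:
            status = "vulnerable" if ver < FIXED else "fixed"
        results[hdr.relative_to(root).as_posix()] = (ver, status)
    return results


def demo():
    # Constructed sample tree with two vendored copies (hypothetical paths).
    samples = {"app/vendor/lsquic/include/lsquic.h": (4, 2, 0),
               "proxy/third_party/lsquic/lsquic.h": (4, 3, 1)}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, ver in samples.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True)
            path.write_text("".join(
                f"#define LSQUIC_{n}_VERSION {v}\n"
                for n, v in zip(("MAJOR", "MINOR", "PATCH"), ver)))
        return audit(tmp)


if __name__ == "__main__":
    for path, (ver, status) in demo().items():
        print(f"{status:10} {ver} {path}")
```

The header only describes the source that was vendored; for prebuilt binaries or distribution packages, check the package version instead.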

Added: Aug 1, 2025, 6:20 AM
Updated: Aug 1, 2025, 6:20 AM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 0.6
exploitability: 8.4
remediation: 7.7
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.