CVE-2025-54939
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-54939
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54939.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-54939
- Published
- 2025-08-01T06:15:28.860Z
- Modified
- 2025-12-11T02:03:54.359437Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquicenginepacket_in memory leak.
- References
-
- https://blog.litespeedtech.com/2025/08/18/litespeed-security-update/
- https://github.com/litespeedtech/lsquic/blob/70486141724f85e97b08f510673e29f399bbae8f/CHANGELOG#L1-L3
- https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23
- https://www.imperva.com/blog/quic-leak-cve-2025-54939-new-high-risk-pre-handshake-remote-denial-of-service-in-lsquic-quic-implementation/
Affected packages
Git / github.com/litespeedtech/lsquic
Affected ranges
- Type
- GIT
- Repo
- https://github.com/litespeedtech/lsquic
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.11.0
1.11.1
1.12.0
1.12.2
1.12.3
1.12.4
1.13.0
1.14.0
1.14.3
1.15.0
1.16.0
1.17.0
1.17.10
1.17.11
1.17.12
1.17.14
1.17.15
1.17.2
1.17.3
1.17.6
1.17.7
1.17.8
1.17.9
1.18.0
1.19.1
1.19.2
1.19.4
1.19.5
1.19.6
1.20.0
1.21.1
1.21.2
v.*
v.2.12.4
v.2.20.1
v1.*
v1.0
v1.1
v1.10
v1.10.1
v1.10.2
v1.2
v2.*
v2.10.0
v2.10.1
v2.10.3
v2.10.4
v2.10.5
v2.10.6
v2.11.1
v2.12.0
v2.13.0
v2.13.1
v2.13.2
v2.13.3
v2.14.0
v2.14.1
v2.14.2
v2.14.3
v2.14.4
v2.14.5
v2.14.6
v2.14.7
v2.14.8
v2.15.0
v2.16.0
v2.16.1
v2.16.2
v2.16.3
v2.17.0
v2.17.1
v2.17.2
v2.18.0
v2.18.1
v2.18.2
v2.19.0
v2.19.1
v2.19.10
v2.19.2
v2.19.3
v2.19.4
v2.19.5
v2.19.6
v2.19.7
v2.19.8
v2.2.0
v2.20.0
v2.20.2
v2.21.0
v2.22.0
v2.22.1
v2.23.1
v2.23.2
v2.23.3
v2.24.0
v2.24.1
v2.24.2
v2.24.3
v2.24.4
v2.24.5
v2.25.0
v2.26.0
v2.26.1
v2.26.2
v2.27.0
v2.27.1
v2.27.2
v2.27.3
v2.27.4
v2.27.5
v2.27.6
v2.28.0
v2.29.0
v2.29.1
v2.29.2
v2.29.3
v2.29.4
v2.29.5
v2.29.6
v2.3.0
v2.3.1
v2.30.0
v2.30.1
v2.30.2
v2.4.0
v2.4.1
v2.4.10
v2.4.2
v2.4.3
v2.4.4
v2.4.6
v2.4.7
v2.4.8
v2.5.0
v2.5.1
v2.5.2
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.5
v2.6.6
v2.6.7
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.5
v2.8.7
v2.8.8
v2.8.9
v2.9.0
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.1.0
v3.1.1
v3.1.2
v3.1.3
v3.2.0
v3.3.0
v3.3.1
v4.*
v4.0.0
v4.0.1
v4.0.11
v4.0.12
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.2.0
v4.3.0
Database specific
vanir_signatures
[
{
"id": "CVE-2025-54939-00df938c",
"digest": {
"threshold": 0.9,
"line_hashes": [
"153555432108124491423821166090126813839",
"65257975606489342507582689379453293024",
"325726790225958673539698788036067672520",
"110374282734275609991130675873060761153",
"51371150332256594396919897248303106222",
"297293621528572303441453678946360908788",
"115458406597775404239849676174563435161"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_sfcw.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-02358868",
"digest": {
"threshold": 0.9,
"line_hashes": [
"246249806652211883800067770480891984807"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_packet_ietf.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-035145af",
"digest": {
"threshold": 0.9,
"line_hashes": [
"333211987754011916302341334842131284856",
"111902180967230890111191652213046261992",
"116335665328747662139147304960045240637",
"71659034668963484643469496352120268123",
"258313701845288503843743362077839024726",
"300433381845276590968381194286097316035",
"247730673755027761171894491595377076863",
"270983813776452857410766194367142338185",
"78978918384724297124487146601277070705",
"81227646563949496416052969898159244220",
"330334497862306570213634091938687051978",
"161441294712003032394077634792758121412",
"211985655698244184867927483331296660100",
"58707952968506025708606429611370802712",
"328946089012895412941737872545949495767",
"201694181175065236110585131249148470489",
"296967136594406569158906738884460760548",
"79898886190988825856756106862087026006",
"189237114379725066232150631911327177465",
"15494800319836571172890097969438404729",
"72125068645221809735432342714363851616",
"188456608137866117941611999328485162974",
"212142993658620916746102186394608907901",
"220120962985218570434858469856066913376",
"215404568328654259053300472579254980605",
"133010748283207182706549906875868080316",
"61370563908648986185247663517865211096",
"195302925644266233409771563473858162969",
"335413121051155696323917993703207814181",
"3676702624243814741429770540942637107",
"207042028772371492556233753057237570169"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_packet_out.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-06cb2595",
"digest": {
"threshold": 0.9,
"line_hashes": [
"317659326033971155107544915162252244357",
"324679894882622335846882739307772436827",
"183945923883882064716317808272413772513",
"113552360007539132742567748597733706244",
"286403122011129176761875737732709232960",
"105486890042663379101908793738737195414"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_parse.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-0c6f77af",
"digest": {
"threshold": 0.9,
"line_hashes": [
"33284685249662838417795296639469857529",
"102229610692465800507361627274932131916",
"81596526196982540641431291262735595800",
"57614153201538294822945913114376237102",
"173420271728091393246407779219330055118",
"18192946565123978319247990025525137468",
"80253820539643002510127286422452539667",
"132600676013213015524807377472828702488",
"130694094412903523575328413285594105541",
"49253161349753828282408706004166042366",
"72158185477114222330188306109901800572",
"280034691402717168376730963718710060974",
"45304804975733772480804371468337411525",
"144972831312758588780002719711559443019",
"330880672448761373546181776033940150538",
"85722934609758141934829102704908509019",
"164121640837285488952208957285828478314",
"59114207085955127096640614249557778238",
"102276884696142019953473785788488559671",
"231390359396749025755439966487119608080",
"148085237979267576469074540381191493296",
"322724926421123470691401775493317161276",
"311093502200651998518714022590087878379",
"23579236650986322043219420530155213444",
"331934788968034066897941274708070004071"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_eng_hist.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-158c50a1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"330215407728660753100949702097407997655",
"79883289824640974461415654063774472974",
"24419074942743457069797942446849234903",
"339627127780452071112019914743842304062",
"230449623841601675177605692602316806415",
"85399381994443198968610293129816244254",
"90650420121197481092990046051454901972",
"69371349539430503687136593408202586400",
"69298144446686518008765547705960594169",
"325123812506814879714251995356367549416",
"337744258300238192380073142526197398126",
"111556958360359547626547556667567858560",
"280292872805300902659343918242709829695",
"54859606958304830949500207121862235353",
"205631769064721511200628451607070528178",
"157773532994348427884148497522217861441",
"287284261397749462821744453755269996777",
"171582756036185146399762308152327469026",
"10034913747725293220006813495436205231",
"44932706853842959322907892691009102426",
"67408098058289963783863271843872601864",
"169172921595267410442802353455864871100",
"191921938128986732165123346282970924206",
"295644447700215718733248800916966670365",
"262208420762281403307423588330768817387",
"227633699602258227512295140263906588764",
"116684817853569739023761504213041076223",
"78229052091857096214250820757169648617",
"330053940850222147397531752033057219379",
"52537590654018959710463114308012777416",
"338396703748615868016899406725134308958",
"267617679933433373130938745862021328755",
"333948088809628422233320089011665023337",
"113909436542006676752603747256851700258",
"73151445352625683752298820608949918765",
"86389490068146571854255978075792033251",
"44947178996674213440065627521399459700",
"132274831746196427385714726520515303056",
"132306588444277763492989668530674081461",
"257710199504489650761426266828577567705",
"159847042415212295978901977263951395168",
"318248220431670099845607033622237596456",
"68563543370863243015287233212113731164",
"106399166005382864271260624842927208315",
"39209514074739604637649282615218584237",
"55882434264446257998989972969710575286",
"327504154649167648156757037919281717181",
"228723193561177432667561800874668075445",
"273881010391499842078818466616927745460",
"165370043985520995754664502374878387761",
"185350239556464965038734188498811986660",
"167490529125825589406326890062430289271",
"119422746346485672201613164572198920320",
"213594972065877682371591634124514890312",
"221499690752098398230927821569154219185",
"111925966970111432971894413449731951189",
"10290940244916946891949003814689917928",
"120307723114109565919706760250075461572",
"294403267583313818405611492718959413741",
"161401929893848954980701497276460320711",
"16218994965445454853298641162897932362",
"129723495538298068518014210627246951588",
"225757016220513028953821606124790819826",
"312715017521431854687962933074165338233",
"118332841686478693288482354653115662204",
"63600041477875896152603226203510918657",
"33814073027279172268814927177697407987",
"271951747324598184097240042736473323597",
"55461771127408634304097567020156478314",
"136339877769222508572795401489904541599",
"70451185309202902441983713498600465923",
"118100546403770464613001469586055999268",
"304645994512176492567637101053774458235",
"143596900008824428225894558246578934989",
"104949053129489633027880639357671265685",
"274324515323963539470088368818239787058",
"218282160055833203783927351102129333720",
"327419898277563046330479045659946293635",
"201182970392039990270285278550491105588",
"90580305248462073124242624175440804913",
"304760771214694253906109589819586497883",
"90064341545314415127948871471042133845",
"196680763913140325944590356498891475950"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_send_ctl.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-18c9524b",
"digest": {
"threshold": 0.9,
"line_hashes": [
"328542293557378275732595140512799530024",
"182090716265961354806349630954297065027",
"211780166014066684881564332029235990483",
"245857090715817072342209506553998625321"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_full_conn.c"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-26a6930d",
"digest": {
"length": 4287.0,
"function_hash": "290688368784060699083467637643804028074"
},
"signature_type": "Function",
"target": {
"file": "src/liblsquic/lsquic_mini_conn_ietf.c",
"function": "lsquic_mini_conn_ietf_new"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-293da1a3",
"digest": {
"threshold": 0.9,
"line_hashes": [
"308118798965192023748451080941344471615",
"196290662209452748340112224038053067616",
"114527617110844961984490057074883080798"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_qenc_hdl.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-2c501d2f",
"digest": {
"length": 7219.0,
"function_hash": "230673344540460081202648664647752041935"
},
"signature_type": "Function",
"target": {
"file": "src/liblsquic/lsquic_enc_sess_ietf.c",
"function": "iquic_esf_decrypt_packet"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-309fd0f5",
"digest": {
"threshold": 0.9,
"line_hashes": [
"168891119138021047168137418947285189340",
"253024565366207975256374712308848989248",
"182685949163206133415720142578038431621",
"259246622059505095160113731202162729310",
"263564882664401953172774491965558279327"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_enc_sess.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-33f86a96",
"digest": {
"threshold": 0.9,
"line_hashes": [
"47793360599456170539206596839239512969",
"91291481701767336761262886350136025343",
"151851370018011446046162848433751960476",
"111195748454857758383770379545983752802",
"291974911475684360953751793478720521247",
"2659413840494076639356846324973836399",
"46263858993847206019462998054692901599",
"139577571528340453860750975778677231538",
"179178930488681843142399858710523282255",
"201964832224134287759704996951108936795",
"72644821317739886920201477289077114370",
"25588369264573406156827925595639238221",
"89482059190844194745939765525019917873",
"91383720781060571625763465995097988748"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_varint.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-3e739ed1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"275355004660093246215913204913476167472",
"290471957983760751162161998741206556282",
"158634471715396296066384564178156486105"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_rechist.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-456197dc",
"digest": {
"length": 278.0,
"function_hash": "296878907794671802697920383762194224729"
},
"signature_type": "Function",
"target": {
"file": "src/liblsquic/lsquic_enc_sess_ietf.c",
"function": "iquic_esf_is_enc_level_ready"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-46a47694",
"digest": {
"length": 6166.0,
"function_hash": "56513401713748888964056809921574036287"
},
"signature_type": "Function",
"target": {
"file": "src/liblsquic/lsquic_send_ctl.c",
"function": "lsquic_send_ctl_got_ack"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-46f01a7f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"255347110246316775934930102298347001943",
"285539325293789415722633980314261263111",
"44298047869682232294807425350190110442"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_hash.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-48817ffe",
"digest": {
"threshold": 0.9,
"line_hashes": [
"288020879356778133677463673925914774711",
"152401364555284233845869450621891381872",
"212111456107106674596006748325650444902",
"339116087806913433352945414087744361403",
"34651955363388875990661689380014874495",
"36497586215599237810346389851872779392",
"256054171080664472524621887559844098829",
"318954074701705031764035367920738185565",
"180253062781873104341494284914679407639",
"59826181613551256038111838832085571604",
"95564483290597400807742250081572480096"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_enc_sess_ietf.c"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-4921ae95",
"digest": {
"threshold": 0.9,
"line_hashes": [
"219696233315819223525778076115870740659",
"223361658185776578550576269677560941747",
"327402391026346704004828668038628967974",
"195029926493120203610391525924648580147",
"258126919953444886559609626448768253661",
"5737257703885158423824701182504075896"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_alarmset.c"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-50ad6aad",
"digest": {
"threshold": 0.9,
"line_hashes": [
"314553019360656520450585694084686499529",
"96557676299681123129919717697866118755",
"337107428505658501019627417372448593958",
"212511455652231896392356043291677240603"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_packet_common.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-510a70de",
"digest": {
"threshold": 0.9,
"line_hashes": [
"329720455228773035616837147392471394272",
"248753232751306763366749098888646796089",
"326203739649068158215746251012383945699",
"318489066481022614319955403608718964062"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_mini_conn.c"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-56791700",
"digest": {
"threshold": 0.9,
"line_hashes": [
"158904903501598640519380144654488842993",
"302901253043101337314222640468733782736",
"310779067342859071193277317219115023838",
"77799440299598108986797023016268208434",
"56916174691472376177194281866070851004",
"255841379092727545019428224187828895377",
"286927989433638350490212888530078906526",
"234050309391233377289688919560334058761",
"337820233402168438152526416681139576264",
"154135817321321196976904192254476622892",
"3257154350548218980304623281558157377",
"220433173867917210292705904498652284659",
"200637317919648078133900619065797870830",
"94784405570098252398862780356267832554",
"165750261095502661751523611145468684816"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_packet_gquic.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-5bb47ab1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"196165175639378679684452922193413067003",
"297578768793830382110646041051127644828",
"46373385063018371117393212203875569078",
"318602831944072762308752418969176488231",
"70838428134195022900419507598878870955"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_frame_common.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-5f48a0f2",
"digest": {
"threshold": 0.9,
"line_hashes": [
"202014915020162146143070382213091080684",
"225789248952295140794949554867733342190",
"119937385467790554650829573652043782531",
"185181591933934094535443437312685581494",
"210364994648533124931595521089726639635",
"29226954786069300234629319199223513904",
"80252035379955108012322501701397615263",
"243728119016535890396360878066763942106",
"67733599885637631598558114459815230840",
"214320119864483424848314079358515922738",
"18407017655311907011575364751840156001",
"238227076982926281885997492816520929820",
"261570884308798885375006077161052701157",
"19895419652540072217298386544721500446",
"4249665243860270660972205153062858178",
"66931820611061112217693844142746593520",
"299214508265212134594993961205719753263",
"232022360983917331546123100689099523404",
"262433387856352197000343549848982159370",
"35035180863964639660406042132975592489",
"119210289670332769254361007029994716650",
"273256527917588530295739695351337649517",
"281409506543112297595143308370556999126",
"120750707022389364046765834903198913434",
"203873656537069391023745722305000975482"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_stream.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-60c8e57c",
"digest": {
"threshold": 0.9,
"line_hashes": [
"104087820505619053850538031299257094417",
"141600293554254165620136907480312684061",
"307496412357102276592331098476550771040",
"8198055083813283581597177343656812940",
"161589241658483105222141569176766201963",
"200251717127387844034839958422460796288",
"278411334333562185315937727167285506412",
"232121333221737553062648321771801993169"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_mini_conn_ietf.c"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-63bbfccf",
"digest": {
"threshold": 0.9,
"line_hashes": [
"278975330810547694368825208529848928424",
"169294887460690746831066015484955210704",
"249712568465037740607904318735737259020",
"236688904815955871052456370390500213781",
"301403116076548590423056529471950020839",
"216506048992939270420491447833772950378",
"247979250553723079820098288412037412564"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_frab_list.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-64fb40e3",
"digest": {
"threshold": 0.9,
"line_hashes": [
"136852689668462182331453657923450588958",
"224953706600185379825714152666333304020",
"286840753027593399553516223496456014621",
"151864734189537132739641628410356036841",
"108829301736734221774106933015645237933",
"100737822386288844052276339591508979727",
"35482326425651004884627086359242311012",
"310062713223112422110062140655191057206",
"189131540362866282039044912053373067041",
"124265603053003999629403101463750421352",
"309810271738947586493828109920511246975"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_alarmset.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-6c68ef07",
"digest": {
"threshold": 0.9,
"line_hashes": [
"258200613841650372032971374211736179504",
"139322270470820754963269385697326043802",
"317031898027437509086324636775344721822",
"47002494463270159119020749293076125188",
"147813981815726171150272912724482126585",
"330208363417033089499623413951149584258",
"335936677644178175114093935753878968103",
"226688340367042421076657370326441900272"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_full_conn_ietf.c"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-6dd174af",
"digest": {
"threshold": 0.9,
"line_hashes": [
"265094556259141200102213592644424573904",
"53649465519450298729980900507522445714",
"137282911207132605766973618624689906515",
"29165348085905355885709655562533858409",
"251166538883306692995057338187049377580",
"278979866083754624469721322941251371131",
"183103809863410954935960924422375624391",
"162560869974421899520109503789081007263",
"241073421640958719056164574838682434387",
"61783028289248651465641197534300178269",
"41154195969128148771255643671305955657",
"250469661372100085409477569929154962504",
"51163688663870174107258005569355804037",
"250573676141427800929494560217101217297",
"237691073064339555118999414991885104923",
"121364885290629939638966669349773034304",
"247042259608914995454480654615538595964",
"207952205958776295993791442625962377146",
"54192440839692196264794625448763627721",
"47404269732438185250247697934642047510",
"193235644076381415841160443287073510406",
"177513850607172243846393026925524121870",
"176705743309075112791208084084079973069",
"115933107211146479920241298029171395460",
"96248538801791222826183407675083202731",
"235489651070495029727518801756126038128",
"194559225916540945544419214299857874019"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_arr.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-a6fb25cb",
"digest": {
"length": 1402.0,
"function_hash": "99454070537562185418960580351703555995"
},
"signature_type": "Function",
"target": {
"file": "src/liblsquic/lsquic_mini_conn.c",
"function": "lsquic_mini_conn_new"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-a850ab9d",
"digest": {
"threshold": 0.9,
"line_hashes": [
"274815001959815236413540909768321008526",
"103982640632445774963920166081492279732",
"61113862495737910994401374335712092839",
"170601033844004706517552454861997063390",
"211040588903672334829259712724951881230",
"281366481824546648611581494293892087547",
"72186907024614460892486122517729990000",
"282810114015951615888837334358181392929",
"278135523321824006681832623794180390457",
"67124533026136504735141266840445253856",
"88814889509805667953755396722859675882",
"14158726953843547758598672553580470578"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_conn_flow.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-ab74f915",
"digest": {
"threshold": 0.9,
"line_hashes": [
"146585938915896691879144077424600634801",
"1582811143241478573376701990797906229",
"16052958937950906625966809613816419131",
"169133076396364367945150719173386200598",
"124477039767098761964962192957084137256",
"264526782689708296072917495137644915783",
"123406735670207475666931961292439411399",
"335181349316092854257026762860498074770",
"186757027647414124880063279097755287795"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_senhist.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-b4900bd0",
"digest": {
"threshold": 0.9,
"line_hashes": [
"293986569036488201174789605776449986328",
"203839714522863994105832636775311384227",
"10462116959664927729802793438692333186",
"108854950775126913138394086825853152296"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_engine.c"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-bc573ced",
"digest": {
"threshold": 0.9,
"line_hashes": [
"147911371490662826207281586594012751929",
"4024979488723202004270547055741952201",
"273848273171715220652066113388709503298"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_pacer.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-bfd547be",
"digest": {
"threshold": 0.9,
"line_hashes": [
"141301199081315614432286041812141550471",
"185639960052774374807828120997807466048",
"56768718119328766724131250692968884486",
"135965862087457895402533355697911038852"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_send_ctl.c"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-c44d9ed1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"314858915549888434783450374442552370673",
"149120465493487006325828777887743533452",
"28115912387081850457953161663269936772"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_minmax.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-cd13972c",
"digest": {
"length": 2622.0,
"function_hash": "46872704915349204241105295317345883283"
},
"signature_type": "Function",
"target": {
"file": "src/liblsquic/lsquic_engine.c",
"function": "lsquic_engine_packet_in"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-d5b742c1",
"digest": {
"length": 2544.0,
"function_hash": "116507564523722732575085600106165405459"
},
"signature_type": "Function",
"target": {
"file": "src/liblsquic/lsquic_full_conn.c",
"function": "lsquic_gquic_full_conn_client_new"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-d95a2e06",
"digest": {
"length": 4899.0,
"function_hash": "96734804611168727406097041581432052964"
},
"signature_type": "Function",
"target": {
"file": "src/liblsquic/lsquic_full_conn_ietf.c",
"function": "lsquic_ietf_full_conn_client_new"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-d9668f25",
"digest": {
"threshold": 0.9,
"line_hashes": [
"195716685663853516038854736628010039129",
"268783174675792147665863537747093124706",
"324704925116541198829766636163255639341",
"110765729353758627588102931996708778749",
"276701665171622400983460530587286818627",
"94914413637582019232731446965455357014",
"323656933730994294451153484998043893566",
"130049809509775043488445836152009253894",
"128302428868401258977581549193470571117",
"311670041256376264796710626257634805220",
"107280248643486816401443497426164352022",
"173215131669217718903645491835389798775",
"237824527752542573478797107301350992947",
"193806002853673679394421683500435706522",
"12433923080137170792891964304084751573",
"296332907893216108603667418165956799966"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_packet_in.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-d98e2c63",
"digest": {
"threshold": 0.9,
"line_hashes": [
"176269066768348678921051598956775378196"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_min_heap.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-e909be18",
"digest": {
"threshold": 0.9,
"line_hashes": [
"97168254639326893302552685414837505433",
"161746575032618795428544049758327357297"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_packet_resize.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-ef3aa2cc",
"digest": {
"threshold": 0.9,
"line_hashes": [
"111717571355353548291625923274947952429"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_rtt.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-f865de20",
"digest": {
"threshold": 0.9,
"line_hashes": [
"154383720285435500606099364770956044236",
"159741852398088935058144708713439485468",
"20273375776102581850171073740869406936",
"303070482790222126544430691791876273222",
"161304752645702946269055427251387091512",
"203242622078859439262801246495976944923",
"321148438106531852595790844515523197290",
"289719225989387575174329934965054172761",
"181515758304043979329820085428565967328",
"156983514572617144905503566724841745724",
"25146364308414469233789885325580958152",
"187353988208619651822698694232445299261",
"95878864696591651455418321356419346531",
"258090387141912309018077425082152707680",
"37698580795323631896911363188478194070"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_str.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
},
{
"id": "CVE-2025-54939-fdbc0479",
"digest": {
"threshold": 0.9,
"line_hashes": [
"202353464930526390077098601560417350592",
"122903598752169423534516003506854298488",
"15368703676100723832521309891340520386"
]
},
"signature_type": "Line",
"target": {
"file": "src/liblsquic/lsquic_qdec_hdl.h"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/litespeedtech/lsquic/commit/4cd9252e77fb4a36b572e2167a84067d603d3b23"
}
]
Git / github.com/litespeedtech/openlitespeed
Affected ranges
- Type
- GIT
- Repo
- https://github.com/litespeedtech/openlitespeed
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v.*
v.1.7.11
v.1.7.11.1
v1.*
v1.0.4
v1.3
v1.3.2
v1.4.0
v1.4.1
v1.4.10
v1.4.11
v1.4.12
v1.4.13
v1.4.14
v1.4.15
v1.4.16
v1.4.17
v1.4.18
v1.4.18.1
v1.4.19
v1.4.2
v1.4.20
v1.4.21
v1.4.22
v1.4.23
v1.4.24
v1.4.25
v1.4.26
v1.4.27
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4.8
v1.5.0
v1.5.0rc6
v1.5.2
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.7.0
v1.7.1
v1.7.10
v1.7.10.1
v1.7.10.2
v1.7.12
v1.7.12.1
v1.7.13
v1.7.13.1
v1.7.13.2
v1.7.14
v1.7.15
v1.7.15.2
v1.7.16
v1.7.16.1
v1.7.17
v1.7.18
v1.7.18.1
v1.7.19
v1.7.19.1
v1.7.19.2
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.7.7
v1.7.8
v1.7.9
v1.7.9.1
v1.7.9.2
v1.8.0
v1.8.1
v1.8.2
v1.8.2.1
v1.8.3
v1.8.3.1