CVE-2025-24946

Summary

The hash table used to manage connections in picoquic before b80fd3f uses a weak hash function, allowing remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs).

Affected Software

VendorProductVersion RangeStatus
privateoctopuspicoquic0 < b80fd3f5903279ae3e7714ee4109363d9ab4491aaffected

Weaknesses

  • CWE-407: CWE-407 Inefficient Algorithmic Complexity

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References