Imperva Offensive team discovered that threat actors could smuggle malformed packets to exhaust memory and crash QUIC servers even before a connection handshake is established, therefore, bypassing QUIC connection-level safeguards. Executive Summary QUIC-LEAK (CVE-2025-54939) is a newly discovered pre-handshake memory exhaustion vulnerability in the LSQUIC QUIC implementation, the second most widely used implementation after Quiche….
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2025/08/quic-leak-cve-2025-54939-new-high-risk-pre-handshake-remote-denial-of-service-in-lsquic-quic-implementation/
