CVE-2024-31617

Published May 22, 2024

Last updated 9 months ago

CVSS medium 5.3

Overview

Description: OpenLiteSpeed before 1.8.1 mishandles chunked encoding.
Source: cve@mitre.org
NVD status: Analyzed
Products: openlitespeed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-770

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:litespeedtech:openlitespeed:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "B371624B-D484-4A8D-B256-AA34118D042C",
            "versionEndExcluding": "1.8.1",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.•CVE-2025-54939

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References