CVE-2022-30592

CRITICAL

lsquic < 3.1.0 - NULL Pointer Dereference in lsquic_qenc_hdl.c

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-30592. PoCs published by efchatz.

AI-analyzed exploit summary: This repository contains proof-of-concept scripts for HTTP/3-based attacks, including a DoS exploit for CVE-2022-30592 targeting the lsquic library and LiteSpeed servers. The scripts demonstrate flooding, slowloris, and stream-based attacks using HTTP/3.

Description

liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY.

Exploits (1)

nomisec WORKING POC 79 stars
by efchatz · poc
https://github.com/efchatz/HTTP3-attacks

Classification
Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: lsquic library, LiteSpeed server
No auth needed
Prerequisites: aioquic library installation · curl with HTTP/3 support · Docker for HTTP/3 flooding
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.8
EPSS 0.0318
EPSS Percentile 86.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-476
Status published
Products (1)
litespeedtech/lsquic < 3.1.0
Published May 11, 2022
Tracked Since Feb 18, 2026