CVE-2024-22588
MEDIUM5.3EPSS 0.04%Kwik does not discard unused encryption keys
發布日:2024/5/24修改日:2024/5/24
描述
Kwik commit 745fd4e2 does not discard unused encryption keys.
受影響套件(1)
- Maven/tech.kwik:kwikfrom 0, < 0.8
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-22588
- PATCHhttps://github.com/ptrd/kwik
- WEBhttps://gist.github.com/QUICTester/29a1851c2b2a406411f688735526fe2e
- WEBhttps://github.com/ptrd/kwik/commit/040b0d1327bfb0a8e35c23c2bd612a4a39b721d4
- WEBhttps://github.com/ptrd/kwik/issues/31
- WEBhttps://www.rfc-editor.org/rfc/rfc9001#name-discarding-unused-keys