CVE-2024-2258824.05.2024, 15:15Kwik commit 745fd4e2 does not discard unused encryption keys.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST6.5 MEDIUMNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:LmitreCNA------CVEADP------CISA-ADPADP6.5 MEDIUMNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:LBase ScoreCVSS 3.xEPSS ScorePercentile: 12%Common Weakness EnumerationCWE-400 - Uncontrolled Resource ConsumptionThe software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.Referenceshttps://gist.github.com/QUICTester/29a1851c2b2a406411f688735526fe2ehttps://github.com/ptrd/kwik/issues/31https://www.rfc-editor.org/rfc/rfc9001#name-discarding-unused-keyshttps://gist.github.com/QUICTester/29a1851c2b2a406411f688735526fe2ehttps://github.com/ptrd/kwik/issues/31https://www.rfc-editor.org/rfc/rfc9001#name-discarding-unused-keys