CVE-2024-22590

EUVD-2024-20124
The TLS engine in Kwik commit 745fd4e2 does not track the current state of the connection. This vulnerability can allow Client Hello messages to be overwritten at any time, including after a connection has been established.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
ptrdkwik
745fd4e2d8d104b9cf1e8342d150ff8967c65892 ≤
𝑥
< 11862d54d72de63abd0b76ca6bb9df56e634212c
ADP
Common Weakness Enumeration
References
https://gist.github.com/QUICTester/ea3eb2ac736bb63e47c654e14e3ec556
https://gist.github.com/QUICTester/ea3eb2ac736bb63e47c654e14e3ec556