exploitDog

CVE-2024-25679

Опубликовано: 09 фев. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation.

Ссылки

https://github.com/p-quic/pquic/issues/35
Issue Tracking
https://github.com/p-quic/pquic/pull/39
Patch
https://www.rfc-editor.org/rfc/rfc9001#name-discarding-unused-keys
Not Applicable
https://github.com/p-quic/pquic/issues/35
Issue Tracking
https://github.com/p-quic/pquic/pull/39
Patch
https://www.rfc-editor.org/rfc/rfc9001#name-discarding-unused-keys
Not Applicable

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pquic:pquic:*:*:*:*:*:*:*:*

Версия до 2023-10-30 (исключая)

EPSS

Процентиль: 9%

0.00031

Низкий

6.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-324

Связанные уязвимости

GHSA-65j3-gr82-45jh

CVSS3: 6.5

github

почти 2 года назад

In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation.

EPSS

Процентиль: 9%

0.00031

Низкий

6.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-324