Vulnerabilities > CVE-2024-25679 - Unspecified vulnerability in Pquic

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

LOW

network

high complexity

pquic

NVD

Published: 2024-02-09

Updated: 2024-02-15

Summary

In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation.

Vulnerable Configurations

Part	Description	Count
Application	Pquic Pquic Pquic *	1

References

https://www.rfc-editor.org/rfc/rfc9001#name-discarding-unused-keys
https://github.com/p-quic/pquic/pull/39
https://github.com/p-quic/pquic/issues/35