Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS13OGNwLWZyeGMtNTVwas4AA8iX

Kwik does not discard unused encryption keys

Kwik commit 745fd4e2 does not discard unused encryption keys.

Permalink: https://github.com/advisories/GHSA-w8cp-frxc-55pj
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13OGNwLWZyeGMtNTVwas4AA8iX
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 4 months ago
Updated: 16 days ago

CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Identifiers: GHSA-w8cp-frxc-55pj, CVE-2024-22588
References:

• https://nvd.nist.gov/vuln/detail/CVE-2024-22588
• https://github.com/ptrd/kwik/issues/31
• https://github.com/ptrd/kwik/commit/040b0d1327bfb0a8e35c23c2bd612a4a39b721d4
• https://gist.github.com/QUICTester/29a1851c2b2a406411f688735526fe2e
• https://www.rfc-editor.org/rfc/rfc9001#name-discarding-unused-keys
• https://github.com/advisories/GHSA-w8cp-frxc-55pj

Repository: https://github.com/ptrd/kwik
Blast Radius: 1.0

Affected Packages