CVE-2024-25679

Medium

In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by…

mitre·NVD-CWE-noinfo·Published 2024-02-09

CVSS

6.5

EPSS

0.00

KEV

Exploits

cve.orgen

278 chars

In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation.

NVDen

278 chars

NVDes

317 chars

En PQUIC anterior a 5bde5bb, la retención de claves de cifrado iniciales no utilizadas permite a los atacantes interrumpir una conexión con una configuración PSK enviando una trama CONNECTION_CLOSE cifrada mediante la clave inicial calculada. La detección del tráfico de red es necesaria como parte de la explotación.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	6.5	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
3.1	Primary	NVD	6.5	2.2	4.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L