Home > Vulnerability Database > CVE-2024-22590

Mend.io Vulnerability Database

CVE-2024-22590

Date: May 28, 2024

The TLS engine in Kwik commit 745fd4e2 does not track the current state of the connection. This vulnerability can allow Client Hello messages to be overwritten at any time, including after a connection has been established.

Language: Java

Severity Score

5.7

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-22590

Url: https://gist.github.com/QUICTester/ea3eb2ac736bb63e47c654e14e3ec556

Url: https://www.mend.io/vulnerability-database/CVE-2024-22590

Severity Score

5.7

Weakness Type (CWE)

Incomplete Internal State Distinction

CWE-372

CVSS v3.1

Base Score:	5.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-22590

Date: May 28, 2024

Language: Java

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?