{
  "id": "CVE-2024-25679",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-02-09T10:15:08.740",
  "lastModified": "2024-02-09T14:26:32.663",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://github.com/p-quic/pquic/issues/35",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/p-quic/pquic/pull/39",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://www.rfc-editor.org/rfc/rfc9001#name-discarding-unused-keys",
      "source": "cve@mitre.org"
    }
  ]
}