CVE-2024-22590

Description

The TLS engine in Kwik commit 745fd4e2 does not track the current state of the connection. This vulnerability can allow Client Hello messages to be overwritten at any time, including after a connection has been established.

CVSS v3.1 Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Weakness Type (CWE)

CWE-372 CWE-372

References

Other References

https://gist.github.com/QUICTester/ea3eb2ac736bb63e47c654e14e3ec556 https://gist.github.com/QUICTester/ea3eb2ac736bb63e47c654e14e3ec556

Frequently Asked Questions

What is CVE-2024-22590? +

The TLS engine in Kwik commit 745fd4e2 does not track the current state of the connection. This vulnerability can allow Client Hello messages to be overwritten at any time, including after a connection has been established. It has a CVSS v3.1 base score of 9.1 (CRITICAL).

How severe is CVE-2024-22590? +

CVE-2024-22590 has a CVSS v3.1 score of 9.1 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.

How do I check if I'm vulnerable to CVE-2024-22590? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-41340 6.5

OpenClaw before 2026.3.31 contains an authentication boundary vulnerability where Telegram legacy allowFrom migration incorrectly fans default-account trust into all named …

CVE-2026-41300 6.5

OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials …

CVE-2026-41388 6.5

OpenClaw before 2026.3.31 contains a configuration management vulnerability where startup migration treats empty-array settings as missing values. Attackers can restart …