PT-2024-19495 · Kwik · Kwik

Quictester · Published 2024-05-28 · Updated 2024-08-22 · CVE-2024-22590

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Kwik version 745fd4e2

Description

The TLS engine does not track the current state of the connection, allowing Client Hello messages to be overwritten at any time, including after a connection has been established.

Recommendations

For version 745fd4e2, consider disabling the TLS engine until a patch is available to prevent Client Hello messages from being overwritten. Restrict access to the TLS engine to minimize the risk of exploitation. Avoid using the TLS engine for establishing connections until the issue is resolved.

Related Identifiers

CVE-2024-22590

Affected Products

Kwik