Lucene search

Alpine Linux Development TeamALPINE:CVE-2024-45191

HistoryAug 22, 2024 - 4:15 p.m.

CVE-2024-45191

2024-08-2216:15:10

Alpine Linux Development Team

security.alpinelinux.org

matrix

libolm

aes

cache-timing attacks

s-boxes

subword step

vulnerability

lookup table

unsupported products

maintainer

unix

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

9.4

Confidence

High

EPSS

Percentile

16.4%

JSON

An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarcholm= 3.2.16-r1UNKNOWN
Alpine3.20-communitynoarcholm= 3.2.16-r1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	olm	= 3.2.16-r1	UNKNOWN
Alpine	3.20-community	noarch	olm	= 3.2.16-r1	UNKNOWN

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

9.4

Confidence

High

EPSS

Percentile

16.4%

JSON

Related for ALPINE:CVE-2024-45191