Japan Vulnerability Notes (JVN), JVN:55045256
Published: Jun 07, 2024

JVN#55045256: Multiple vulnerabilities in "FreeFrom - the nostr client" App

Source: jvn.jp
Tags: freefrom, nostr client, vulnerabilities, android, ios, update, cryptographic signature, integrity checking, encryption, manipulation, man-in-the-middle attack

AI Score: 6.8 Medium (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 15.7%)

“FreeFrom - the nostr client” App provided by FreeFrom K.K. contains multiple vulnerabilities listed below.

  • Improper verification of cryptographic signature (CWE-347): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, Base Score 5.3, CVE-2024-36277
  • Reliance on obfuscation or encryption of security-relevant inputs without integrity checking (CWE-649): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, Base Score 5.3, CVE-2024-36279
  • Reusing a nonce, key pair in encryption (CWE-323): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, Base Score 5.3, CVE-2024-36289

Impact

  • The affected app cannot detect event data with invalid signatures (CVE-2024-36277)
  • The content of direct messages (DMs) between users may be manipulated by a man-in-the-middle attack (CVE-2024-36279, CVE-2024-36289)

Solution

Update the application
Update the application to the latest version according to the information provided by the developer.

Products Affected

  • “FreeFrom - the nostr client” App for Android versions prior to 1.3.5
  • “FreeFrom - the nostr client” App for iOS versions prior to 1.3.5
