Usage of non-constant time base64 decoder could lead to leakage of secret key material

Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...

PT-2024-28958 · Vodozemac · Vodozemac

Name of the Vulnerable Software and Affected Versions: vodozemac versions prior to 0.7.0 Description: The issue is related to the use of a non-constant time base64 implementation in vodozemac for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw migh...