68 matches found
RUSTSEC-2026-0159 Sender-binding gaps in to-device messages
The matrix-sdk-crypto crate before 0.16.1 is missing a check for the sender's user ID when decrypting an Olm-encrypted to-device message containing the sender_device_keys property. This could be exploited to spoof the sender of an encrypted to-device message, but only if the attacker colludes with ...
Astra Linux - vulnerability in thunderbird
The Matrix JavaScript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker working alongside a malicious home server could create messages that appeared to be sent by another person, without any indication such as a gray shield. Additionally, a sophisticated...
EUVD-2021-21460
Malware in sbrugna...
EUVD-2022-6927
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-45193
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). Th...
Linux Distros Unpatched Vulnerability : CVE-2024-45191
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to...
Linux Distros Unpatched Vulnerability : CVE-2024-45192
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to th...
CVE-2022-39255
Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...
CVE-2024-12698 Ose-olm-catalogd-container: incomplete fix for rapid reset (cve-2023-39325/cve-2023-44487)
An incomplete fix for ose-olm-catalogd-container was issued for the Rapid Reset Vulnerability CVE-2023-39325/CVE-2023-44487 where only unauthenticated streams were protected, not streams created by authenticated sources...
alerter (>=0.3.0 <=0.3.1), libmatrix-client (=0.0.1) +10 more potentially affected by unknown CVE via olm-sys (>=0.1.5 <=1.3.2)
olm-sys CARGO version =0.1.5, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.1.10-alpha, =0.13.0, =0.1.0, =0.3.0 Source cves: unknown CVE Source advisory: OSV:GHSA-P2Q9-36VW-C468...
PT-2024-40386 · Olm-Rs +3
Name of the Vulnerable Software and Affected Versions: olm-sys (affected versions not specified); olm-rs (affected versions not specified). Description: The Matrix Foundation has officially deprecated the libolm library due to several publicly disclosed cryptographic vulnerabilities. As a result,...
RUSTSEC-2024-0368 olm-sys: wrapped library unmaintained, potentially vulnerable
After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind. Users of olm-sys and its higher-level abstraction, olm-rs,...
alerter (>=0.3.0 <=0.3.1), libmatrix-client (=0.0.1) +10 more potentially affected by CVE-2024-45191 +2 more via olm-sys (>=0.1.5 <=1.3.2)
olm-sys CARGO version =0.1.5, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.1.10-alpha, =0.13.0, =0.1.0, =0.3.0 Source cves: CVE-2024-45191, CVE-2024-45192, CVE-2024-45193 Source advisory: OSV:RUSTSEC-2024-0368...
SUSE CVE-2024-45192
An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
SUSE CVE-2024-45193
An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the...
DEBIAN-CVE-2024-45192
An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
DEBIAN-CVE-2024-45191
An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This vulnerability only...
DEBIAN-CVE-2024-45193
An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the...