30 matches found
EUVD-2024-1567
Malicious code in bioql PyPI...
CVE-2024-34063
vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies (the Dalek crates), which moved secret zeroization capabilities behind a feature flag and...
CVE-2024-40640
vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some...
GHSA-P2Q9-36VW-C468 olm-sys: wrapped library unmaintained, potentially vulnerable
After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind. Users of olm-sys and its higher-level abstraction, olm-rs,...
olm-sys: wrapped library unmaintained, potentially vulnerable
After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind. Users of olm-sys and its higher-level abstraction, olm-rs,...
PT-2024-40386 · Olm-Rs +3 · Olm-Rs +3
Name of the Vulnerable Software and Affected Versions: olm-sys (affected versions not specified); olm-rs (affected versions not specified). Description: The Matrix Foundation has officially deprecated the libolm library due to several publicly disclosed cryptographic vulnerabilities. As a result,...
olm-sys: wrapped library unmaintained, potentially vulnerable
After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind. Users of olm-sys and its higher-level abstraction, olm-rs,...
RUSTSEC-2024-0368 olm-sys: wrapped library unmaintained, potentially vulnerable
After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind. Users of olm-sys and its higher-level abstraction, olm-rs,...
PT-2024-31475 · Unknown +1 · Matrix Libolm +1
Name of the Vulnerable Software and Affected Versions: Matrix libolm versions through 3.2.16. Description: An issue was discovered in Matrix libolm, where cache-timing attacks can occur due to the use of base64 when decoding group session keys. This vulnerability only affects products that are no...
PT-2024-31476 · Matrix +1 · Libolm +1
Name of the Vulnerable Software and Affected Versions: Matrix libolm versions 3.2.16 and earlier. Description: There is Ed25519 signature malleability due to lack of validation criteria in the libolm implementation of Olm, which does not ensure that S < n. This issue only affects products that are n...
matrix-qrcode (=0.3.0), matrix-sdk-base (>=0.5.0 <=0.5.1) +5 more potentially affected by CVE-2024-40640 via vodozemac (>=0.2.0 <=0.3.0)
vodozemac CARGO version =0.2.0, =0.5.0, =0.3.0, =0.4.0 - matrix-sdk-sled =0.1.0 - matrix-sdk-sql =0.1.0-beta.2 Source cves: CVE-2024-40640 Source advisory: OSV:GHSA-J8CM-G7R6-HFPQ...
vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material
Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...
CVE-2024-40640
vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some...
CVE-2024-40640
CVE-2024-40640 affects the vodozemac project (Rust) prior to version 0.7.0. The flaw is in a non-constant time base64 implementation used when importing key material for Megolm group sessions and for PkDecryption Ed25519 secret keys. This may allow a local attacker to observe timing variations du...
CVE-2024-40640 Usage of non-constant time base64 decoder could lead to leakage of secret key material in vodozemac
vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some...
CVE-2024-40640 Usage of non-constant time base64 decoder could lead to leakage of secret key material in vodozemac
vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some...
matrix-qrcode (=0.3.0), matrix-sdk-base (>=0.5.0 <=0.5.1) +5 more potentially affected by CVE-2024-40640 via vodozemac (>=0.2.0 <=0.3.0)
vodozemac CARGO version =0.2.0, =0.5.0, =0.3.0, =0.4.0 - matrix-sdk-sled =0.1.0 - matrix-sdk-sql =0.1.0-beta.2 Source cves: CVE-2024-40640 Source advisory: OSV:RUSTSEC-2024-0354...
Usage of non-constant time base64 decoder could lead to leakage of secret key material
Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...
PT-2024-28958 · Vodozemac · Vodozemac
Name of the Vulnerable Software and Affected Versions: vodozemac versions prior to 0.7.0. Description: The issue is related to the use of a non-constant time base64 implementation in vodozemac for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw migh...
SUSE CVE-2024-34063
vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies (the Dalek crates), which moved secret zeroization capabilities behind a feature flag and...