CVE-2024-34063

CVE-2024-34063 affects the Rust cryptographic library vodozemac (Matrix) versions 0.5.0 and 0.5.1 . The root cause is changes in third‑party Dalek crates that moved secret zeroization behind a feature flag, which is disabled by default, leading to degraded zeroization and the possibility that enc...

CVE-2024-34063 Degraded secret zeroization capabilities in vodozemac

vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies the Dalek crates, which moved secret zeroization capabilities behind a feature flag and...

Degraded secret zeroization capabilities

Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies the Dalek crates, which moved secret zeroization capabilities behind a feature flag while vodozemac disabled the default feature set. Impact The degraded...

RUSTSEC-2024-0342 Degraded secret zeroization capabilities

Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies the Dalek crates, which moved secret zeroization capabilities behind a feature flag while vodozemac disabled the default feature set. Impact The degraded...

SUSE CVE-2020-36476

An issue was discovered in Mbed TLS before 2.24.0 and before 2.16.8 LTS and before 2.7.17 LTS. There is missing zeroization of plaintext buffers in mbedtlssslread to erase unused application data from memory...

Moderate: Red Hat Security Advisory: openssl security and bug fix update

An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Moderate: openssl security and bug fix update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: crehash script allows command injection CVE-2022-1292 openssl: Signer certificate verification...

openssl security and bug fix update

3.0.1-41.0.1 - Replace upstream references Orabug: 34340177 1:3.0.1-41 - Zeroize public keys as required by FIPS 140-3 Resolves: rhbz2115861 - Add FIPS indicator for HKDF Resolves: rhbz2118388 1:3.0.1-40 - Deal with DH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz2115856 - Dea...

CVE-2021-45706

An issue was discovered in the zeroizederive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum...

`#[zeroize(drop)]` doesn't implement `Drop` for `enum`s

Affected versions of this crate did not implement Drop when zeroizedrop was used on an enum. This can result in memory not being zeroed out after dropping it, which is exactly what is intended when adding this attribute. The flaw was corrected in version 1.2 and zeroizedrop on enums now properly...

DEBIAN-CVE-2020-36476

An issue was discovered in Mbed TLS before 2.24.0 and before 2.16.8 LTS and before 2.7.17 LTS. There is missing zeroization of plaintext buffers in mbedtlssslread to erase unused application data from memory...

CVE-2020-36476

An issue was discovered in Mbed TLS before 2.24.0 and before 2.16.8 LTS and before 2.7.17 LTS. There is missing zeroization of plaintext buffers in mbedtlssslread to erase unused application data from memory...

UBUNTU-CVE-2020-36476

An issue was discovered in Mbed TLS before 2.24.0 and before 2.16.8 LTS and before 2.7.17 LTS. There is missing zeroization of plaintext buffers in mbedtlssslread to erase unused application data from memory...

CVE-2020-36476

An issue was discovered in Mbed TLS before 2.24.0 and before 2.16.8 LTS and before 2.7.17 LTS. There is missing zeroization of plaintext buffers in mbedtlssslread to erase unused application data from memory...

CVE-2020-36476

An issue was discovered in Mbed TLS before 2.24.0 and before 2.16.8 LTS and before 2.7.17 LTS. There is missing zeroization of plaintext buffers in mbedtlssslread to erase unused application data from memory...

PT-2021-6687 · Mbed Tls +2 · Mbed Tls +2

Name of the Vulnerable Software and Affected Versions: Mbed TLS versions prior to 2.24.0 Mbed TLS versions prior to 2.16.8 LTS Mbed TLS versions prior to 2.7.17 LTS Description: The issue is related to the missing zeroization of plaintext buffers in the mbedtls ssl read function, which fails to...

Moderate: Red Hat Security Advisory: nss and nspr security, bug fix, and enhancement update

An update for nss and nspr is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVE-2018-11055

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 in 4.0.x and prior to 4.1.6.1 in 4.1.x, contains an Improper Clearing of Heap Memory Before Release 'Heap Inspection' vulnerability. Decoded PKCS 12 data in heap memory is not zeroized by MES before releasing the memory internally and a...

CVE-2015-9123

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD...