Back

CVE-2024-36289

June 17, 2024, 12:42 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

FreeFrom - the nostr client App

  • before 1.3.5

FreeFrom - the nostr client App

  • < 1.3.5

Source

vultures@jpcert.or.jp

Tags

vultures@jpcert.or.jp
2024-06-17
CVE-2024-36289

CVE-2024-36289 details

Published : June 17, 2024, 8:15 a.m.
Last Modified : June 17, 2024, 12:42 p.m.

Description

Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle attack.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://apps.apple.com/us/app/freefrom-the-nostr-client/id6446819930 vultures@jpcert.or.jp
https://freefrom.space/ vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN55045256/ vultures@jpcert.or.jp
https://play.google.com/store/apps/details?id=com.freefrom vultures@jpcert.or.jp
This website uses the NVD API, but is not approved or certified by it.