Products
Matrix libolm (Olm)
- up to 3.2.16
Source
cve@mitre.org
CVE-2024-45192 details
Published : Aug. 22, 2024, 4:15 p.m.
Last Modified : Aug. 22, 2024, 7:35 p.m.
Description
An issue was discovered in Matrix libolm (aka Olm) through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
7.5
Weakness
Weakness | Name | Description |
---|---|---|
CWE-385 | Covert Timing Channel | Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information. |
CVSS Data
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |
Base Score | 7.5 |
Exploitability Score | 3.9 |
Impact Score | 3.6 |
Base Severity | HIGH |
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References
URL | Source |
---|---|
https://gitlab.matrix.org/matrix-org/olm/ | cve@mitre.org |
https://gitlab.matrix.org/matrix-org/olm/-/commit/6d4b5b07887821a95b144091c8497d09d377f985 | cve@mitre.org |
https://news.ycombinator.com/item?id=41249371 | cve@mitre.org |
https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/ | cve@mitre.org |