CVE-2024-45191: Observable Timing Discrepancy in OLM

Severity
5.3 MEDIUM (NVD)
EPSS
0.1%
top 65.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 22

Description

An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.6 | Impact: 3.6

Affected Packages: 1 package

NVD: matrix/olm 3.2.16

Patches

🔴 Vulnerability Details (3)

CVEList
CVE-2024-45191: An issue was discovered in Matrix libolm through 3 (2024-08-22)
OSV
CVE-2024-45191: An issue was discovered in Matrix libolm through 3 (2024-08-22)
GHSA
GHSA-gc66-2jq6-66c6: An issue was discovered in Matrix libolm (aka Olm) through 3 (2024-08-22)

📋 Vendor Advisories (1)

Debian
CVE-2024-45191: olm - An issue was discovered in Matrix libolm through 3.2.16. The AES implementation ... (2024)