CVE-2024-45192Covert Timing Channel in OLM

CWE-385Covert Timing Channel5 documents5 sources
Severity
5.3MEDIUMNVD
EPSS
0.3%
top 50.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Matrix OLM
Timeline
PublishedAug 22

Description

An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages1 packages

NVDmatrix/olm3.2.16

Patches

Patch: gitlab.matrix.org

🔴Vulnerability Details

3
CVEList
CVE-2024-45192: An issue was discovered in Matrix libolm through 32024-08-22
GHSA
GHSA-5qxq-95fv-whxm: An issue was discovered in Matrix libolm (aka Olm) through 32024-08-22
OSV
CVE-2024-45192: An issue was discovered in Matrix libolm through 32024-08-22

📋Vendor Advisories

1
Debian
CVE-2024-45192: olm - An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks ca...2024
CVE-2024-45192 — Covert Timing Channel in Matrix OLM | cvebase