CVE-2024-45193: Use of a Broken or Risky Cryptographic Algorithm in OLM

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.1% (top 77.03%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 22

Description

An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (1 package)

NVD: matrix/olm 3.2.16

🔴 Vulnerability Details (3)

OSV: CVE-2024-45193: An issue was discovered in Matrix libolm through 3 (2024-08-22)
CVEList: CVE-2024-45193: An issue was discovered in Matrix libolm through 3 (2024-08-22)
GHSA: GHSA-w58g-789j-fj58: An issue was discovered in Matrix libolm (aka Olm) through 3 (2024-08-22)

📋 Vendor Advisories (1)

Debian: CVE-2024-45193: olm - An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signat... (2024)
CVE-2024-45193 — Matrix OLM vulnerability | cvebase