CVE-2024-45192

Exploit

EPSS 0.25%
Published 22.08.2024 16:15:10
Last modified 17.06.2025 19:55:30
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Matrix ≫ Olm Version <= 3.2.16

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.25%	0.488

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	1.6	3.6	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-385 Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

https://gitlab.matrix.org/matrix-org/olm/

Product

https://gitlab.matrix.org/matrix-org/olm/-/commit/6d4b5b07887821a95b144091c8497d09d377f985

Patch

https://news.ycombinator.com/item?id=41249371

Issue Tracking

https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-45192

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45192

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45192

EUVD