CVE-2024-45192

Exploit

EPSS 0.19%
Veröffentlicht 22.08.2024 16:15:10
Zuletzt bearbeitet 17.06.2025 19:55:30
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Matrix ≫ Olm Version <= 3.2.16

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.415

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	1.6	3.6	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-385 Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

https://gitlab.matrix.org/matrix-org/olm/

Product

https://gitlab.matrix.org/matrix-org/olm/-/commit/6d4b5b07887821a95b144091c8497d09d377f985

Patch

https://news.ycombinator.com/item?id=41249371

Issue Tracking

https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-45192

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45192

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45192

EUVD