CVE-2024-45192

{"id": "CVE-2024-45192", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2024-08-22T16:15:10.237", "references": [{"url": "https://gitlab.matrix.org/matrix-org/olm/", "source": "cve@mitre.org"}, {"url": "https://gitlab.matrix.org/matrix-org/olm/-/commit/6d4b5b07887821a95b144091c8497d09d377f985", "source": "cve@mitre.org"}, {"url": "https://news.ycombinator.com/item?id=41249371", "source": "cve@mitre.org"}, {"url": "https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-385"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Matrix libolm (tambi\u00e9n conocido como Olm) hasta la versi\u00f3n 3.2.16. Los ataques de sincronizaci\u00f3n de cach\u00e9 pueden ocurrir debido al uso de base64 al decodificar claves de sesi\u00f3n grupal. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante."}], "lastModified": "2024-09-10T19:35:09.943", "sourceIdentifier": "cve@mitre.org"}