CVE-2024-34063
Last modified
CVE-2024-34063 is a low-severity vulnerability rated 2.5/10 on the CVSS scale. vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies (the Dalek crates), which moved secret zeroization capabilities behind a feature flag and defaulted this feature to off. EPSS estimates a 0.14% chance of exploitation in the next 30 days.
Description
vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies (the Dalek crates), which moved secret zeroization capabilities behind a feature flag and defaulted this feature to off. The degraded zeroization capabilities could result in the production of more memory copies of encryption secrets and secrets could linger in memory longer than necessary. This marginally increases the risk of sensitive data exposure. This issue has been addressed in version 0.6.0 and users are advised to upgrade. There are no known workarounds for this vulnerability.
Metrics
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2024-34063?
How severe is CVE-2024-34063?
How do I fix CVE-2024-34063?
Are you affected by CVE-2024-34063?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST