Home > Vulnerability Database > CVE-2024-34063

Mend.io Vulnerability Database

CVE-2024-34063

Date: May 3, 2024

vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies (the Dalek crates), which moved secret zeroization capabilities behind a feature flag and defaulted this feature to off. The degraded zeroization capabilities could result in the production of more memory copies of encryption secrets and secrets could linger in memory longer than necessary. This marginally increases the risk of sensitive data exposure. This issue has been addressed in version 0.6.0 and users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: RUST

Severity Score

2.5

Related Resources (7)

Url: https://rustsec.org/advisories/RUSTSEC-2024-0342.html

Url: https://crates.io/crates/vodozemac

Url: https://github.com/matrix-org/vodozemac/security/advisories/GHSA-c3hm-hxwf-g5c6

Url: https://github.com/matrix-org/vodozemac

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-34063

Url: https://github.com/matrix-org/vodozemac/commit/297548cad4016ce448c4b5007c54db7ee39489d9

Url: https://www.mend.io/vulnerability-database/CVE-2024-34063

Severity Score

2.5

Weakness Type (CWE)

Initialization of a Resource with an Insecure Default

CWE-1188

CVSS v3.1

Base Score:	2.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-34063

Date: May 3, 2024

Language: RUST

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?