CVE-2024-40640
Usage of non-constant time base64 decoder could lead to leakage of secret key material in vodozemac
- Public Exploits: 0
- Exploited in Wild: -
Descriptions
vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions of vodozemac before 0.7.0 use a non-constant-time base64 implementation for importing key material for Megolm group sessions and `PkDecryption` Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack: a base64 implementation whose running time depends on the input might allow an attacker to observe timing variations in the encoding and decoding of the secret key material, which could provide insights into the underlying key. The impact of this vulnerability is considered low because exploitation requires the attacker to have access to high-precision timing measurements, as well as repeated access to the base64 encoding or decoding operations. Additionally, the estimated leakage is bounded and low according to the referenced paper. This has been patched in commit 734b6c6948d4b2bdee3dd8b4efa591d93a61d272, which is included in release version 0.7.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
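As an added illustration of the kind of fix this class of bug calls for (example code, not vodozemac's patched implementation), the Rust decoder below classifies each base64 symbol with arithmetic masks instead of a lookup table or per-character branches, so the instructions executed and the memory touched do not depend on the key bytes being imported. The function names and the deferred error check are my own choices and not taken from the project.

```rust
/// Branch-free, table-free decode of one base64 alphabet byte.
/// Returns the 6-bit value, or 0xFF for a non-alphabet byte (illustration only).
fn decode_char_ct(c: u8) -> u8 {
    // 0xFF when lo <= c <= hi, else 0x00, derived from sign bits alone.
    fn in_range(c: u8, lo: u8, hi: u8) -> u8 {
        let (c, lo, hi) = (c as i16, lo as i16, hi as i16);
        let m = ((c - lo) | (hi - c)) >> 15; // -1 if outside the range, 0 if inside
        (!m) as u8
    }
    let up = in_range(c, b'A', b'Z');
    let low = in_range(c, b'a', b'z');
    let dig = in_range(c, b'0', b'9');
    let plus = in_range(c, b'+', b'+');
    let slash = in_range(c, b'/', b'/');
    // Every candidate value is computed, masked by its range flag, then ORed.
    let v = (up & c.wrapping_sub(b'A'))
        | (low & c.wrapping_sub(b'a').wrapping_add(26))
        | (dig & c.wrapping_sub(b'0').wrapping_add(52))
        | (plus & 62)
        | (slash & 63);
    v | !(up | low | dig | plus | slash) // becomes 0xFF when no range matched
}

/// Decode standard base64 (with or without '=' padding) without branching on
/// symbol values; invalid input is reported only after the whole buffer has
/// been processed, so failure timing does not reveal where the bad byte was.
fn decode_ct(input: &[u8]) -> Option<Vec<u8>> {
    // Padding length is public, so trimming it with a data-dependent loop is fine.
    let mut end = input.len();
    while end > 0 && input[end - 1] == b'=' && input.len() - end < 2 {
        end -= 1;
    }
    let data = &input[..end];
    if data.len() % 4 == 1 { return None; } // one leftover symbol cannot form a byte
    let mut out = Vec::with_capacity(data.len() * 3 / 4);
    let mut bad: u8 = 0;
    for chunk in data.chunks(4) {
        let mut acc: u32 = 0;
        for &c in chunk {
            let v = decode_char_ct(c);
            bad |= v & 0x40; // valid values are 0..=63, so bit 6 is set only by 0xFF
            acc = (acc << 6) | u32::from(v & 0x3F);
        }
        acc <<= 6 * (4 - chunk.len()); // left-align the symbols into 24 bits
        let bytes = acc.to_be_bytes(); // [0, b0, b1, b2]
        out.extend_from_slice(&bytes[1..chunk.len()]);
    }
    if bad != 0 { None } else { Some(out) }
}
```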
SSVC
- Decision: Track
Timeline
- 2024-07-08 CVE Reserved
- 2024-07-17 CVE Published
- 2024-07-18 EPSS Updated
- 2024-08-02 CVE Updated
CWE
- CWE-208: Observable Timing Discrepancy
References (3)
URL | Tag
---|---
https://arxiv.org/abs/2108.04600 | X_refsource_misc
https://github.com/matrix-org/vodozemac/commit/734b6c6948d4b2bdee3dd8b4efa591d93a61d272 | X_refsource_misc
https://github.com/matrix-org/vodozemac/security/advisories/GHSA-j8cm-g7r6-hfpq | X_refsource_confirm
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status
---|---|---|---
Matrix-org | Vodozemac | < 0.7.0 | Affected