
CVE-2024-40640

Usage of non-constant time base64 decoder could lead to leakage of secret key material in vodozemac

  • Severity Score: 2.9 (CVSS v3.1)
  • Exploit Likelihood (EPSS): none given
  • Affected Versions (CPE): see Affected Vendors, Products, and Versions below
  • Public Exploits: 0 (multiple sources)
  • Exploited in Wild (KEV): -
  • Decision (SSVC): Track

Descriptions

vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and `PkDecryption` Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. The use of a non-constant time base64 implementation might allow an attacker to observe timing variations in the encoding and decoding operations of the secret key material. This could potentially provide insights into the underlying secret key material. The impact of this vulnerability is considered low because exploitation requires the attacker to have access to high-precision timing measurements, as well as repeated access to the base64 encoding or decoding processes. Additionally, the estimated leakage amount is bounded and low according to the referenced paper. This has been patched in commit 734b6c6948d4b2bdee3dd8b4efa591d93a61d272, which has been included in release version 0.7.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
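The description above names the class of defect (a base64 decoder whose running time depends on the bytes being decoded, CWE-208) and the fix (a constant-time implementation). The decoder below is an added example, not vodozemac's own code: it decodes the standard base64 alphabet using only mask arithmetic, with no table lookup or branch on the secret bytes, and assumes input with optional '=' padding.

```rust
/// Map one byte of the standard base64 alphabet to its 6-bit value.
/// Returns (value, valid_mask): valid_mask is 0xFF for an alphabet byte and
/// 0x00 otherwise. Only mask arithmetic is used, so there is no
/// secret-dependent table lookup or branch for a timing channel to observe.
fn ct_sextet(c: u8) -> (u8, u8) {
    let c = c as i32;
    // All-ones when lo <= c <= hi, all-zeros otherwise (arithmetic shift on i32).
    let in_range = |lo: u8, hi: u8| -> i32 { !(((c - lo as i32) | (hi as i32 - c)) >> 31) };
    let upper = in_range(b'A', b'Z');
    let lower = in_range(b'a', b'z');
    let digit = in_range(b'0', b'9');
    let plus = in_range(b'+', b'+');
    let slash = in_range(b'/', b'/');
    let v = (upper & (c - b'A' as i32))
        | (lower & (c - b'a' as i32 + 26))
        | (digit & (c - b'0' as i32 + 52))
        | (plus & 62)
        | (slash & 63);
    (v as u8, (upper | lower | digit | plus | slash) as u8)
}

/// Decode standard base64 (with or without '=' padding) without timing that
/// depends on the decoded bytes. Validity is decided once, after every byte
/// has been processed, rather than by an early return on the first bad byte.
fn ct_base64_decode(input: &[u8]) -> Option<Vec<u8>> {
    // Padding length follows from the public input length, so trimming it is fine.
    let body_len = input.len() - input.iter().rev().take_while(|&&b| b == b'=').count();
    let body = &input[..body_len];
    if body.len() % 4 == 1 {
        return None; // no base64 encoding produces a single trailing character
    }
    let mut out = Vec::with_capacity(body.len() * 3 / 4);
    let mut valid: u8 = 0xFF;
    for chunk in body.chunks(4) {
        let mut acc: u32 = 0;
        for &b in chunk {
            let (v, ok) = ct_sextet(b);
            valid &= ok;
            acc = (acc << 6) | v as u32;
        }
        // Left-align to 24 bits so 2-, 3- and 4-character groups share one path.
        acc <<= 6 * (4 - chunk.len());
        out.extend_from_slice(&acc.to_be_bytes()[1..chunk.len()]);
    }
    if valid == 0xFF { Some(out) } else { None }
}
```

Decoding a constructed 32-byte all-zero key (`AAAA…AAA=`, 43 characters plus padding) yields 32 bytes; a non-alphabet byte anywhere in the input makes the result `None` only after the whole input has been walked.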


Credits: N/A

CVSS Scores (CVSS v3.1)
  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: Track
  • Exploitation: None
  • Automatable: No
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-07-08 CVE Reserved
  • 2024-07-17 CVE Published
  • 2024-07-18 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-208: Observable Timing Discrepancy
CAPEC
Affected Vendors, Products, and Versions
  Vendor      Product    Version   Other   Status
  Matrix-org  Vodozemac  < 0.7.0   en      Affected