rustsec-2024-0354
Vulnerability from osv_rustsec
Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation
for importing key material for Megolm group sessions and PkDecryption Ed25519
secret keys. This flaw might allow an attacker to infer some information about
the secret key material through a side-channel attack.
Impact
The use of a non-constant time base64 implementation might allow an attacker to observe timing variations in the encoding and decoding operations of the secret key material. This could potentially provide insights into the underlying secret key material.
The impact of this vulnerability is considered low because exploiting the attacker is required to have access to high precision timing measurements, as well as repeated access to the base64 encoding or decoding processes. Additionally, the estimated leakage amount is bounded and low according to the referenced paper[[1]].
{
"affected": [
{
"database_specific": {
"categories": [
"crypto-failure",
"memory-exposure"
],
"cvss": null,
"informational": null
},
"ecosystem_specific": {
"affected_functions": null,
"affects": {
"arch": [],
"functions": [],
"os": []
}
},
"package": {
"ecosystem": "crates.io",
"name": "vodozemac",
"purl": "pkg:cargo/vodozemac"
},
"ranges": [
{
"events": [
{
"introduced": "0.0.0-0"
},
{
"fixed": "0.7.0"
}
],
"type": "SEMVER"
}
],
"versions": []
}
],
"aliases": [
"CVE-2024-40640",
"GHSA-j8cm-g7r6-hfpq"
],
"database_specific": {
"license": "CC0-1.0"
},
"details": "Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation\nfor importing key material for Megolm group sessions and `PkDecryption` Ed25519\nsecret keys. This flaw might allow an attacker to infer some information about\nthe secret key material through a side-channel attack.\n\n## Impact\n\nThe use of a non-constant time base64 implementation might allow an attacker to\nobserve timing variations in the encoding and decoding operations of the secret\nkey material. This could potentially provide insights into the underlying secret\nkey material.\n\nThe impact of this vulnerability is considered low because exploiting the\nattacker is required to have access to high precision timing measurements, as\nwell as repeated access to the base64 encoding or decoding processes.\nAdditionally, the estimated leakage amount is bounded and low according to the\nreferenced paper[[1]].\n\n[1]: https://arxiv.org/abs/2108.04600",
"id": "RUSTSEC-2024-0354",
"modified": "2024-07-18T11:24:58Z",
"published": "2024-07-17T12:00:00Z",
"references": [
{
"type": "PACKAGE",
"url": "https://crates.io/crates/vodozemac"
},
{
"type": "ADVISORY",
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0354.html"
},
{
"type": "ADVISORY",
"url": "https://github.com/matrix-org/vodozemac/security/advisories/GHSA-j8cm-g7r6-hfpq"
}
],
"related": [],
"severity": [],
"summary": " Usage of non-constant time base64 decoder could lead to leakage of secret key material"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.