CVE-2024-34353

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-34353
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-34353.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-34353
Aliases
Published
2024-05-14T15:38:43Z
Modified
2024-11-26T11:08:37.146521Z
Summary
[none]
Details

The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides a redundant copy in case all devices are lost. The key backup uses asymmetric cryptography, with each server-side key backup assigned a unique public-private key pair. Due to a logic bug introduced in commit 71136e44c03c79f80d6d1a2446673bc4d53a2067, matrix-sdk-crypto version 0.7.0 will sometimes log the private part of the backup key pair to Rust debug logs (using the tracing crate). This issue has been resolved in matrix-sdk-crypto version 0.7.1. No known workarounds are available.

References

Affected packages

Git / github.com/matrix-org/matrix-rust-sdk

Affected ranges

Type
GIT
Repo
https://github.com/matrix-org/matrix-rust-sdk
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
71136e44c03c79f80d6d1a2446673bc4d53a2067
Fixed
fa10bbb5dd0f9120a51aa1854cec752e25790bb0

Affected versions

0.*

0.1.0
0.2.0
0.3.0
0.7.0
0.7.1

Other

0f

matrix-qrcode-0.*

matrix-qrcode-0.2.0

matrix-sdk-0.*

matrix-sdk-0.4.0
matrix-sdk-0.4.1
matrix-sdk-0.5.0
matrix-sdk-0.6.0

matrix-sdk-base-0.*

matrix-sdk-base-0.4.0
matrix-sdk-base-0.4.1
matrix-sdk-base-0.5.0
matrix-sdk-base-0.5.1
matrix-sdk-base-0.6.0

matrix-sdk-common-0.*

matrix-sdk-common-0.4.0
matrix-sdk-common-0.4.1
matrix-sdk-common-0.5.0
matrix-sdk-common-0.6.0

matrix-sdk-crypto-0.*

matrix-sdk-crypto-0.4.0
matrix-sdk-crypto-0.4.1
matrix-sdk-crypto-0.5.0
matrix-sdk-crypto-0.6.0

matrix-sdk-crypto-ffi-0.*

matrix-sdk-crypto-ffi-0.1.0
matrix-sdk-crypto-ffi-0.1.1
matrix-sdk-crypto-ffi-0.1.10
matrix-sdk-crypto-ffi-0.1.2
matrix-sdk-crypto-ffi-0.1.3
matrix-sdk-crypto-ffi-0.1.4
matrix-sdk-crypto-ffi-0.1.5
matrix-sdk-crypto-ffi-0.1.6
matrix-sdk-crypto-ffi-0.1.7
matrix-sdk-crypto-ffi-0.1.8
matrix-sdk-crypto-ffi-0.1.9
matrix-sdk-crypto-ffi-0.2.0
matrix-sdk-crypto-ffi-0.2.1
matrix-sdk-crypto-ffi-0.3.0
matrix-sdk-crypto-ffi-0.3.1
matrix-sdk-crypto-ffi-0.3.10
matrix-sdk-crypto-ffi-0.3.11
matrix-sdk-crypto-ffi-0.3.12
matrix-sdk-crypto-ffi-0.3.13
matrix-sdk-crypto-ffi-0.3.2
matrix-sdk-crypto-ffi-0.3.4
matrix-sdk-crypto-ffi-0.3.5
matrix-sdk-crypto-ffi-0.3.6
matrix-sdk-crypto-ffi-0.3.7
matrix-sdk-crypto-ffi-0.3.8
matrix-sdk-crypto-ffi-0.3.9

matrix-sdk-crypto-js-0.*

matrix-sdk-crypto-js-0.1.0
matrix-sdk-crypto-js-0.1.0-alpha.10
matrix-sdk-crypto-js-0.1.0-alpha.6
matrix-sdk-crypto-js-0.1.0-alpha.8
matrix-sdk-crypto-js-0.1.0-alpha.9
matrix-sdk-crypto-js-0.1.2
matrix-sdk-crypto-js-0.1.3
matrix-sdk-crypto-js-0.1.4

matrix-sdk-crypto-js-v0.*

matrix-sdk-crypto-js-v0.1.0-alpha.0
matrix-sdk-crypto-js-v0.1.0-alpha.1
matrix-sdk-crypto-js-v0.1.0-alpha.2
matrix-sdk-crypto-js-v0.1.0-alpha.3
matrix-sdk-crypto-js-v0.1.0-alpha.4
matrix-sdk-crypto-js-v0.1.0-alpha.5
matrix-sdk-crypto-js-v0.1.0-alpha.6

matrix-sdk-crypto-nodejs-v0.*

matrix-sdk-crypto-nodejs-v0.1.0-beta.0

matrix-sdk-indexeddb-0.*

matrix-sdk-indexeddb-0.1.0
matrix-sdk-indexeddb-0.2.0

matrix-sdk-qrcode-0.*

matrix-sdk-qrcode-0.3.0
matrix-sdk-qrcode-0.4.0

matrix-sdk-sled-0.*

matrix-sdk-sled-0.1.0
matrix-sdk-sled-0.2.0

matrix-sdk-store-encryption-0.*

matrix-sdk-store-encryption-0.1.0
matrix-sdk-store-encryption-0.2.0

matrix-sdk-test-0.*

matrix-sdk-test-0.4.0
matrix-sdk-test-0.5.0
matrix-sdk-test-0.6.0

matrix-sdk-test-macros-0.*

matrix-sdk-test-macros-0.2.0