Medium severity5.3NVD Advisory· Published Nov 12, 2022· Updated Jun 17, 2026
CVE-2022-45195
CVE-2022-45195
Description
SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet protocol.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- SimpleXMQ/SimpleXMQdescription
- Range: <4.2
Patches
Vulnerability mechanics
References
4- github.com/simplex-chat/simplexmq/pull/548nvdPatchThird Party Advisory
- github.com/trailofbits/publications/blob/master/reviews/SimpleXChat.pdfnvdExploitTechnical DescriptionThird Party Advisory
- github.com/simplex-chat/simplexmq/compare/v3.3.0...v3.4.0nvdRelease NotesThird Party Advisory
- simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website.htmlnvdRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.