VYPR

crates.io package

vodozemac

pkg:cargo/vodozemac

Vulnerabilities (2)

  • CVE-2024-40640LowJul 17, 2024
    affected < 0.7.0fixed 0.7.0

    vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and `PkDecryption` Ed25519 secret keys. This flaw might allow an attac

  • CVE-2024-34063LowMay 3, 2024
    affected >= 0.5.0, < 0.6.0fixed 0.6.0

    vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies (the Dalek crates), which moved secret zeroization capabilities behind a fe