VYPR

Vodozemac

by Matrix Org

cargo: vodozemac

Source repositories

CVEs (2)

  • CVE-2024-40640LowJul 17, 2024
    risk 0.12cvss 2.9epss 0.00

    vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and `PkDecryption` Ed25519 secret keys. This flaw might allow an…

  • CVE-2024-34063LowMay 3, 2024
    risk 0.09cvss 2.5epss 0.00

    vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies (the Dalek crates), which moved secret zeroization capabilities behind a…