CVE-2024-34063

2.5 LOW
Published: May 03, 2024 Modified: April 15, 2026
View on NVD

Description

vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies (the Dalek crates), which moved secret zeroization capabilities behind a feature flag and defaulted this feature to off. The degraded zeroization capabilities could result in the production of more memory copies of encryption secrets and secrets could linger in memory longer than necessary. This marginally increases the risk of sensitive data exposure. This issue has been addressed in version 0.6.0 and users are advised to upgrade. There are no known workarounds for this vulnerability.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/matrix-org/vodozemac/commit/297548cad4016ce448c4b5007c54db7ee39489d9
Source: security-advisories@github.com
https://github.com/matrix-org/vodozemac/security/advisories/GHSA-c3hm-hxwf-g5c6
Source: security-advisories@github.com
https://github.com/matrix-org/vodozemac/commit/297548cad4016ce448c4b5007c54db7ee39489d9
Source: af854a3a-2127-422b-91ae-364da2661108
https://github.com/matrix-org/vodozemac/security/advisories/GHSA-c3hm-hxwf-g5c6
Source: af854a3a-2127-422b-91ae-364da2661108

4 reference(s) from NVD

Quick Stats

CVSS v3 Score
2.5 / 10.0
EPSS (Exploit Probability)
0.0%
6th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-1188

Related CVEs

CVE-2026-40962 4.9
CVE-2026-40505 3.3
CVE-2026-40504 9.8
CVE-2026-3299 6.4
CVE-2026-40960 8.1