Matrix Sdk Crypto
Approved changes feed: RSS · Atom
cpe:2.3:a:matrix-org:matrix-sdk-crypto:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Matrix Org (d88e1973-fb17-5e22-857e-e34f791696f0) |
|---|---|
| Product | Matrix Sdk Crypto (f9b595b2-003e-5725-9b09-ca87a4fd192c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-34353 |
vulnerable | 2026-06-03 14:55:53.915601 |
matrix-sdk-crypto contains a log exposure of private key of the server-side key backup
MEDIUM (5.5)
The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side `key backup` stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides a redundant copy in case all devices are lost. The key backup uses asymmetric
cryptography, with each server-side key backup assigned a unique public-private key pair. Due to a logic bug introduced in commit 71136e44c03c79f80d6d1a2446673bc4d53a2067, matrix-sdk-crypto version 0.7.0 will sometimes log the private part of the backup key pair to Rust debug logs (using the `tracing` crate). This issue has been resolved in matrix-sdk-crypto version 0.7.1. No known workarounds are available.
Published: 2024-05-13T15:43:10.574Z
Updated: 2024-08-02T02:51:10.872Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.