CVE-2024-45191

MEDIUM5.3EPSS 0.14%

olm-sys: wrapped library unmaintained, potentially vulnerable

Published: 9/2/2024Modified: 2/4/2026

Also known as:GHSA-p2q9-36vw-c468RUSTSEC-2024-0368

Description

After several cryptographic vulnerabilities in `libolm` were disclosed publicly, the Matrix Foundation has [officially deprecated the library](https://matrix.org/blog/2024/08/libolm-deprecation/). `olm-sys` is a thin wrapper around `libolm` and is now deprecated and potentially vulnerable in kind. Users of `olm-sys` and its higher-level abstraction, `olm-rs`, are highly encouraged to switch to [`vodozemac`](https://crates.io/crates/vodozemac) as soon as possible. It is the successor effort to `libolm` and is written in Rust.

Affected packages (2)

crates.io/olm-sys>= 0.0.0-0
Debian/olmfrom 0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

References (5)

ADVISORYhttps://rustsec.org/advisories/RUSTSEC-2024-0368.html
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2024-45191
PATCHhttps://crates.io/crates/olm-sys
REPORThttps://gitlab.gnome.org/BrainBlasted/olm-sys/-/issues/12
WEBhttps://matrix.org/blog/2024/08/libolm-deprecation/