CVE-2024-45191

MEDIUM5.3EPSS 0.14%

olm-sys: wrapped library unmaintained, potentially vulnerable

發布日:2024/9/2修改日:2026/2/4

也稱為:GHSA-p2q9-36vw-c468RUSTSEC-2024-0368

描述

After several cryptographic vulnerabilities in `libolm` were disclosed publicly, the Matrix Foundation has [officially deprecated the library](https://matrix.org/blog/2024/08/libolm-deprecation/). `olm-sys` is a thin wrapper around `libolm` and is now deprecated and potentially vulnerable in kind. Users of `olm-sys` and its higher-level abstraction, `olm-rs`, are highly encouraged to switch to [`vodozemac`](https://crates.io/crates/vodozemac) as soon as possible. It is the successor effort to `libolm` and is written in Rust.

受影響套件(2)

crates.io/olm-sys>= 0.0.0-0
Debian/olmfrom 0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

參考連結(5)

ADVISORYhttps://rustsec.org/advisories/RUSTSEC-2024-0368.html
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2024-45191
PATCHhttps://crates.io/crates/olm-sys
REPORThttps://gitlab.gnome.org/BrainBlasted/olm-sys/-/issues/12
WEBhttps://matrix.org/blog/2024/08/libolm-deprecation/