| Summary | An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
|---|---|
| Publication Date | Aug. 23, 2024, 1:15 a.m. |
| Registration Date | Aug. 26, 2024, 4:57 p.m. |
| Last Update | Sept. 11, 2024, 4:35 a.m. |
| Title | Matrix の Olm におけるタイミングの違いに起因する情報漏えいに関する脆弱性 |
|---|---|
| Summary | Matrix の Olm には、タイミングの違いに起因する情報漏えいに関する脆弱性が存在します。 |
| Possible impacts | 情報を改ざんされる可能性があります。 |
| Solution | ベンダアドバイザリまたはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。 |
| Publication Date | Aug. 22, 2024, midnight |
| Registration Date | June 18, 2025, 6:17 p.m. |
| Last Update | June 18, 2025, 6:17 p.m. |
| Matrix |
| Olm 3.2.16 およびそれ以前 |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2025年06月18日] 掲載 |
June 18, 2025, 6:17 p.m. |