HistoryEditJSON (OSV)

RUSTSEC-2024-0368

olm-sys: wrapped library unmaintained, potentially vulnerable

Reported
Issued
Package
olm-sys (crates.io)
Type
Vulnerability
Categories
References
Patched
no patched versions

Description

After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind.

Users of olm-sys and its higher-level abstraction, olm-rs, are highly encouraged to switch to vodozemac as soon as possible. It is the successor effort to libolm and is written in Rust.

Advisory available under CC0-1.0 license.