Reported

September 2, 2024

Issued

September 2, 2024

Package

olm-sys (crates.io)

Type

Vulnerability

Categories

• crypto-failure

References

• https://gitlab.gnome.org/BrainBlasted/olm-sys/-/issues/12
• https://matrix.org/blog/2024/08/libolm-deprecation/

Related

• CVE-2024-45191
• CVE-2024-45192
• CVE-2024-45193

Patched

no patched versions

Description

After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind.

Users of olm-sys and its higher-level abstraction, olm-rs, are highly encouraged to switch to vodozemac as soon as possible. It is the successor effort to libolm and is written in Rust.

Advisory available under CC0-1.0 license.