Kazuhiko Minematsu

**Name of the Vulnerable Software and Affected Versions** FreeFrom - the nostr client versions prior to 1.3.5 **Description** The issue is related to improper verification of cryptographic signatures. This means the affected app cannot detect event data with invalid signatures, potentially allowing unauthorized or tampered data to be accepted as valid. **Recommendations** For versions prior to 1.3.5, update to version 1.3.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the app until the update is applied.

**Name of the Vulnerable Software and Affected Versions** FreeFrom - the nostr client versions prior to 1.3.5 **Description** The issue exists due to reliance on obfuscation or encryption of security-relevant inputs without integrity checking. If exploited, the content of direct messages between users may be manipulated by a man-in-the-middle attack. **Recommendations** For versions prior to 1.3.5, update to version 1.3.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of direct messages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** FreeFrom - the nostr client versions prior to 1.3.5 **Description** A reusing nonce, key pair in encryption issue exists. If this issue is exploited, the content of direct messages between users may be manipulated by a man-in-the-middle attack. **Recommendations** For versions prior to 1.3.5, update to version 1.3.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of direct messages until the update is applied.