PT-2022-27425 · Unknown+1 · Simplechat+1
Published: 2022-11-12 · Updated: 2022-11-17
CVE-2022-45195
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
SimpleXMQ versions prior to 3.4.0
SimpleX Chat versions prior to 4.2
Description
The issue occurs in the X3DH key exchange for the double ratchet protocol, where a key derivation function is not applied to intended data. This can interfere with forward secrecy and have other impacts if there is a compromise of a single private key.
Recommendations
For SimpleXMQ versions prior to 3.4.0, update to version 3.4.0 or later.
For SimpleX Chat versions prior to 4.2, update to version 4.2 or later.
Weakness Enumeration
Use of a Broken Cryptographic Algorithm
Affected Products
Simplechat
Simplexmq