PT-2024-25675 · Dalek+1
Dkasak · Published 2024-05-02 · Updated 2024-06-15
CVE-2024-34063
CVSS v3.1: 2.5 (Low)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
vodozemac versions 0.5.0 through 0.5.1
Description
The secret zeroization capabilities of vodozemac are degraded because of changes in its third-party cryptographic dependencies, specifically the Dalek crates. As a result, more copies of encryption secrets may be produced in memory, and secrets may linger in memory longer than necessary, which marginally increases the risk of sensitive data exposure. The impact is considered low, because Rust's inherent limitations regarding absolute zeroization reduce the practical severity of this lapse.
Recommendations
For versions 0.5.0 and 0.5.1, upgrade to version 0.6.0 to address the issue.
At the moment, there are no known workarounds for this vulnerability.
Affected Products
Dalek
Vodozemac