How severe is CVE-2024-34063?

This vulnerability has a severity rating of LOW with a CVSS score of 2.5 out of 10.

What type of vulnerability is CVE-2024-34063?

This is classified as CWE-1188, which is a common weakness in software security.

CVE-2024-34063 - LOW Severity | CVSS 2.5

Vulnerability Description

vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies (the Dalek crates), which moved secret zeroization capabilities behind a feature flag and defaulted this feature to off. The degraded zeroization capabilities could result in the production of more memory copies of encryption secrets and secrets could linger in memory longer than necessary. This marginally increases the risk of sensitive data exposure. This issue has been addressed in version 0.6.0 and users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2025-27443

LOW

CVSS:2.8(Low)

Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access.

CWE-11882025

CVE-2022-20342

LOW

CVSS:3.3(Low)

In WiFi, there is a possible disclosure of WiFi password to the end user due to an insecure default value. This could lead to local information disclosure with no additional execution privileges neede...

CWE-11882022

CVE-2024-56433

LOW

CVSS:3.6(Low)

shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of us...

CWE-11882024

CVE-2020-26930

LOW

CVSS:3.8(Low)

NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect configuration of security settings.

CWE-11882020

CVE-2024-30124

MEDIUM

CVSS:4.0(Medium)

HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this ...

CWE-11882024

CVE-2020-11917

MEDIUM

CVSS:4.3(Medium)

An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. It uses a default SSID value, which makes it easier for remote attackers to discover the physical locations of many Siime Eye devices...

CWE-11882020