CVE-2022-45195

Published
View on NVD ↗
CVSS v3
5.3
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS

Description

SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet protocol.

simplex-chat/simplexmq
simplex-chat/simplexmq
⚙️ SimpleXMQ - A reference implementation of the SimpleX Messaging Protocol for simplex queues over public networks.
GitHubGitHub
801
trailofbits/publications
trailofbits/publications
Publications from Trail of Bits
GitHubGitHub
1.84K