CVE-2024-36279

Summary

Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle attack.

Affected Software

VendorProductVersion RangeStatus
FreeFrom K.K.“FreeFrom - the nostr client” App for Androidprior to 1.3.5affected
FreeFrom K.K.“FreeFrom - the nostr client” App for iOSprior to 1.3.5affected

Weaknesses

  • Reliance on obfuscation or encryption of security-relevant inputs without integrity checking

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References