CVE-2024-36289

Summary

Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle attack.

Affected Software

VendorProductVersion RangeStatus
FreeFrom K.K.“FreeFrom - the nostr client” App for Androidprior to 1.3.5affected
FreeFrom K.K.“FreeFrom - the nostr client” App for iOSprior to 1.3.5affected

Weaknesses

  • Reusing a nonce, key pair in encryption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References