CVE-2021-40824
Summary
| Field | Value |
|---|---|
| CVE | CVE-2021-40824 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-09-13 19:15:00 UTC |
| Updated | 2023-08-08 14:22:00 UTC |
| Description | A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the attacker to decrypt end-to-end encrypted messages sent by affected clients. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Disclosing CVE-2021-40823 and CVE-2021-40824: E2EE vulnerability in multiple Matrix clients \| Matrix.org | MISC | matrix.org | |
| Release v1.2.2 · matrix-org/matrix-android-sdk2 · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 501918 Alpine Linux Security Update for riot-web
- 503178 Alpine Linux Security Update for element-web
- 506038 Alpine Linux Security Update for element-web
- 630727 For Android Vulnerability CVE-2021-40824
- 690038 Free Berkeley Software Distribution (FreeBSD) Security Update for matrix clients (93eb0e48-14ba-11ec-875e-901b0e9408dc)
- 994936 Java (Maven) Security Update for org.matrix.android:matrix-android-sdk2 (GHSA-jjmc-4p83-pp26)