All errata/sisyphus/ALT-PU-2024-18233-1
ALT-PU-2024-18233-1

Package update keepassxc in branch sisyphus

Version2.7.8-alt1
Task#347752
Published2024-05-09
Max severityMEDIUM
Severity:

Closed issues (2)

CVE-2024-33900
MEDIUM6.5

KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.

Published: 2024-05-20Modified: 2025-06-13
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
References
CVE-2024-33901
MEDIUM6.5

Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.

Published: 2024-05-20Modified: 2025-06-13
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References