CVE-2021-34421

The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from the customer's device.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:keybase:keybase:5.8.0:*:*:*:*:android:*:*
cpe:2.3:a:keybase:keybase:5.8.0:*:*:*:*:iphone_os:*:*

History

16 Nov 2021, 18:50

Type Values Removed Values Added
References (MISC) https://explore.zoom.us/en/trust/security/security-bulletin - (MISC) https://explore.zoom.us/en/trust/security/security-bulletin - Third Party Advisory
CPE cpe:2.3:a:keybase:keybase:5.8.0:*:*:*:*:android:*:*
cpe:2.3:a:keybase:keybase:5.8.0:*:*:*:*:iphone_os:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 4.3
CWE CWE-200

12 Nov 2021, 16:28

Type Values Removed Values Added
New CVE

Information

Published : 2021-11-11 23:15

Updated : 2024-02-04 22:08


NVD link : CVE-2021-34421

Mitre link : CVE-2021-34421

CVE.ORG link : CVE-2021-34421


JSON object : View

Products Affected

keybase

  • keybase
CWE
CWE-459

Incomplete Cleanup