CVE-2021-34421: Retained exploded messages in Keybase Clients for Android and iOS
First published: Thu Nov 11 2021(Updated: )
The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from the customer's device.
Credit: security@zoom.us
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Keybase Keybase | =5.8.0 | |
| Keybase Keybase | =5.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-34421.
What is the severity of CVE-2021-34421?
The severity of CVE-2021-34421 is medium with a severity value of 4.3.
Which software versions are affected by CVE-2021-34421?
The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 are affected.
How can the vulnerability be exploited?
The vulnerability can be exploited by a receiving user placing the chat session in the background while the sending user explodes the messages.
Is there a fix available for CVE-2021-34421?
Yes, updating to Keybase Client for Android version 5.8.0 or Keybase Client for iOS version 5.8.0 will fix the vulnerability.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/title
- agent/author
- agent/last-modified-date
- agent/description
- agent/tags
- agent/event
- vendor/keybase
- canonical/keybase keybase
- version/keybase keybase/5.8.0