Brevilo

Name of the Vulnerable Software and Affected Versions: Matrix libolm versions prior to 3.2.7 Element Web (affected versions not specified) SchildiChat Web (affected versions not specified) Description: The olm session describe function is vulnerable to a buffer overflow. This function represents a cryptographic channel between two parties, and its state is partially controllable by the remote party. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session, causing a buffer overflow for certain buffer sizes. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. Recommendations: For Matrix libolm versions prior to 3.2.7, update to version 3.2.7 or later to resolve the issue. For Element Web, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For SchildiChat Web, at the moment, there is no information about a newer version that contains a fix for this vulnerability.