PT-2021-24126 · Unknown+8 · Matrix Libolm+8

Brevilo

·

Published

2021-12-14

·

Updated

2024-06-15

·

CVE-2021-44538

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Matrix libolm versions prior to 3.2.7 Element Web (affected versions not specified) SchildiChat Web (affected versions not specified)
Description: The olm session describe function is vulnerable to a buffer overflow. This function represents a cryptographic channel between two parties, and its state is partially controllable by the remote party. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session, causing a buffer overflow for certain buffer sizes. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits.
Recommendations: For Matrix libolm versions prior to 3.2.7, update to version 3.2.7 or later to resolve the issue. For Element Web, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For SchildiChat Web, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2021-3584
ALT-PU-2021-3625
ALT-PU-2021-3638
ALT-PU-2022-1783
ALT-PU-2024-1982
CVE-2021-44538
DLA-2874-1
DSA-5034-1
MGASA-2021-0571
MGASA-2021-0584
OPENSUSE-SU-2022:0058-1
OPENSUSE-SU-2022_0058-1
OPENSUSE-SU-2024:11698-1
SUSE-SU-2022:0058-1
USN-5246-1
USN-5248-1

Affected Products

Alt Linux
Astra Linux
Debian
Element Web
Linuxmint
Matrix Libolm
Schildichat Web
Suse
Ubuntu