CVE-2021-44538

Published: 14/12/2021 Updated: 08/08/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The olm_session_describe function in Matrix libolm prior to 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web and SchildiChat Web.

Vulnerable Product

matrix element

matrix javascript sdk

matrix olm

schildi schildichat

cinny project cinny

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code, spoofing, information disclosure, downgrade attacks on SMTP STARTTLS connections or misleading display of OpenPGP/MIME signatures. For the oldstable distribution (buster), these problems have been fixed in version 1:91.4.1-1~deb10u1. For ...
Mozilla Foundation Security Advisory 2021-55: Security Vulnerabilities fixed in Thunderbird 91.4.1. Announced: December 21, 2021. Impact: moderate. Products: Thunderbird. Fixed in: Thunderbird 91.4.1 ...
The olm_session_describe function in Matrix libolm before version 3.2.8 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state o ...