
CVSS: 9.8 | EPSS: 0% | CPEs: 10 | EXPL: 0

The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented.

• https://gitlab.matrix.org/matrix-org/olm/-/tags
• https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html
• https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk
• https://www.debian.org/security/2022/dsa-5034

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.8 | EPSS: 2% | CPEs: 1 | EXPL: 1

Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build configurations.

• https://gitlab.matrix.org/matrix-org/olm/-/commit/ccc0d122ee1b4d5e5ca4ec1432086be17d5f901b
• https://gitlab.matrix.org/matrix-org/olm/-/releases/3.2.3
• https://matrix.org/blog/2021/06/14/adventures-in-fuzzing-libolm

• CWE-787: Out-of-bounds Write