1 results (0.004 seconds)

CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0

The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. • https://gitlab.matrix.org/matrix-org/olm/-/tags https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk https://www.debian.org/security/2022/dsa-5034 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •