CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45191
https://notcve.org/view.php?id=CVE-2024-45191
22 Aug 2024 — An issue was discovered in Matrix libolm (aka Olm) through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. An issue was discovered in Matrix libolm through 3.2.16. • https://gitlab.matrix.org/matrix-org/olm • CWE-208: Observable Timing Discrepancy •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45192
https://notcve.org/view.php?id=CVE-2024-45192
22 Aug 2024 — An issue was discovered in Matrix libolm (aka Olm) through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. • https://gitlab.matrix.org/matrix-org/olm • CWE-385: Covert Timing Channel •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45193
https://notcve.org/view.php?id=CVE-2024-45193
22 Aug 2024 — An issue was discovered in Matrix libolm (aka Olm) through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). • https://gitlab.matrix.org/matrix-org/olm • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 0CVE-2021-44538 – Debian Security Advisory 5034-1
https://notcve.org/view.php?id=CVE-2021-44538
14 Dec 2021 — The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undoc... • https://gitlab.matrix.org/matrix-org/olm/-/tags • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 1CVE-2021-34813
https://notcve.org/view.php?id=CVE-2021-34813
16 Jun 2021 — Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build configurations. Matrix libolm versiones anteriores a 3.2.3 permite a un homeserver de Matrix malicioso bloquear a un cliente (mientras intenta recuperar una copia de seguridad de la clave de la sala cifrada por Olm ... • https://gitlab.matrix.org/matrix-org/olm/-/commit/ccc0d122ee1b4d5e5ca4ec1432086be17d5f901b • CWE-787: Out-of-bounds Write •