
CVSS: 9.8 • EPSS: 1% • CPEs: 10 • EXPL: 0

14 Dec 2021 — The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undoc... • https://gitlab.matrix.org/matrix-org/olm/-/tags • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.8 • EPSS: 4% • CPEs: 1 • EXPL: 1

16 Jun 2021 — Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build configurations. • https://gitlab.matrix.org/matrix-org/olm/-/commit/ccc0d122ee1b4d5e5ca4ec1432086be17d5f901b • CWE-787: Out-of-bounds Write