CVE-2021-44538

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 14-12-2021 03:15

Last modified: - 12-04-2022 08:15

Total changes: - 5

Description

The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

9.8

Base score

3.9

5.9

Exploitability score

Impact score

Verification logic

vendor=matrix AND product=element AND software_edition=desktop AND versionEndExcluding=1.9.7

vendor=matrix AND product=element AND software_edition=web AND versionEndExcluding=1.9.7

vendor=matrix AND product=javascript_sdk AND versionStartIncluding=2.4.2 AND versionEndExcluding=15.2.1

vendor=matrix AND product=olm AND versionStartIncluding=3.1.4 AND versionEndExcluding=3.2.8

vendor=schildi AND product=schildichat AND software_edition=desktop AND versionEndExcluding=1.9.7-sc1

vendor=schildi AND product=schildichat AND software_edition=web AND versionEndExcluding=1.9.7-sc1

vendor=cinny_project AND product=cinny AND versionEndExcluding=1.6.0

vendor=Debian AND product=debian_linux AND version=9.0

vendor=Debian AND product=debian_linux AND version=10.0

vendor=Debian AND product=debian_linux AND version=11.0

Reference

https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk
https://gitlab.matrix.org/matrix-org/olm/-/tags
DSA-5034-Third Party Advisory
[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update-Mailing List, Third Party Advisory

Keywords

CVE-2021-44538

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2021-44538

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures