First published: Tue Dec 14 2021(Updated: )
The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/olm | <=3.2.1~dfsg-7 | 2.2.2+git20170526.0fd768e+dfsg-1 3.2.13~dfsg-1 |
debian/thunderbird | 1:91.12.0-1~deb10u1 1:115.3.1-1~deb10u1 1:102.13.1-1~deb11u1 1:115.3.1-1~deb11u1 1:102.15.1-1~deb12u1 1:115.3.1-1~deb12u1 1:115.3.1-1 | |
Mozilla Thunderbird | <91.4.1 | 91.4.1 |
Matrix Element | <1.9.7 | |
Matrix Element | <1.9.7 | |
Matrix Javascript SDK | >=2.4.2<15.2.1 | |
Matrix Olm | >=3.1.4<3.2.8 | |
Schildi Schildichat | <1.9.7-sc1 | |
Schildi Schildichat | <1.9.7-sc1 | |
Cinny Project Cinny | <1.6.0 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
<1.9.7 | ||
<1.9.7 | ||
>=2.4.2<15.2.1 | ||
>=3.1.4<3.2.8 | ||
<1.9.7-sc1 | ||
<1.9.7-sc1 | ||
<1.6.0 | ||
=9.0 | ||
=10.0 | ||
=11.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-44538 is a vulnerability in the Matrix libolm library that allows attackers to trigger a buffer overflow.
CVE-2021-44538 affects Mozilla Thunderbird, Matrix Element, Matrix Javascript SDK, Schildi Schildichat, Cinny Project Cinny, and Debian Linux.
CVE-2021-44538 has a severity rating of 9.8 (Critical).
To fix CVE-2021-44538, users should update to the latest versions of the affected software, such as Mozilla Thunderbird 91.4.1 and Matrix Element 1.9.7.
More information about CVE-2021-44538 can be found in the Mozilla bugzilla and security advisories, as well as the Matrix libolm GitLab repository.