Buffer Overflow Vulnerability in Matrix libolm Affects Client Operations
CVE-2021-34813

9.8CRITICAL

Key Information:

Vendor

Matrix

Status
Olm
Vendor
CVE Published:
16 June 2021

What is CVE-2021-34813?

Matrix libolm versions prior to 3.2.3 contain a buffer overflow vulnerability that can allow a malicious Matrix homeserver to crash clients during the retrieval of an Olm encrypted room key backup. The flaw occurs in the olm_pk_decrypt function, and in certain nonstandard build configurations, it may also lead to potential remote code execution.

References

https://matrix.org/blog/2021/06/14/adventures-in-fuzzing-...
x_refsource_MISC
https://gitlab.matrix.org/matrix-org/olm/-/releases/3.2.3
x_refsource_MISC
https://gitlab.matrix.org/matrix-org/olm/-/commit/ccc0d12...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.