Buffer Overflow Vulnerability in Matrix libolm Affects Element Web and SchildiChat Web
CVE-2021-44538
9.8 CRITICAL
What is CVE-2021-44538?
Matrix libolm, prior to version 3.2.7, contains a buffer overflow vulnerability in the olm_session_describe function. This function is responsible for managing the state of a cryptographic channel between two parties, allowing an attacker to manipulate the session state. By crafting a specific sequence of messages, an attacker could trigger a buffer overflow during the call to olm_session_describe, particularly when using certain buffer sizes. The vulnerable state is partially controllable by the attacker, limited to ASCII characters such as spaces and digits, thus posing a serious risk to the integrity of the session.
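The following added example is not libolm's code and is not taken from the advisory. It shows a bounds-checked way to write a session description made of digits and spaces into a caller-supplied buffer of arbitrary size. The struct, field names and functions (demo_session, append, demo_describe) are hypothetical, and the assumption is that this kind of routine overflows when the write cursor is advanced by the length snprintf wanted to write rather than by what actually fit.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical session state; names are illustrative, not libolm's. */
struct demo_session {
    unsigned sender_index;       /* counters the remote party can advance */
    unsigned receiver_index[4];
    size_t   n_receivers;
};

/* Append one formatted field at *pos without writing past buf[buflen-1].
 * Returns 0 on success, -1 if the output was truncated or formatting failed. */
static int append(char *buf, size_t buflen, size_t *pos, const char *fmt, unsigned v)
{
    if (*pos >= buflen) return -1;
    int n = snprintf(buf + *pos, buflen - *pos, fmt, v);
    /* snprintf returns the length it WANTED to write. Advancing the cursor
     * by that value after truncation moves it past the end of the buffer. */
    if (n < 0 || (size_t)n >= buflen - *pos) {
        *pos = buflen - 1;       /* clamp the cursor to the last valid byte */
        buf[*pos] = '\0';        /* keep the result a valid C string */
        return -1;
    }
    *pos += (size_t)n;
    return 0;
}

/* Writes a description into buf; returns 0 if complete, -1 if truncated. */
int demo_describe(const struct demo_session *s, char *buf, size_t buflen)
{
    size_t pos = 0;
    if (buf == NULL || buflen == 0) return -1;
    buf[0] = '\0';
    if (append(buf, buflen, &pos, "sender chain index: %u ", s->sender_index))
        return -1;
    for (size_t i = 0; i < s->n_receivers && i < 4; i++)
        if (append(buf, buflen, &pos, "%u ", s->receiver_index[i]))
            return -1;
    return 0;
}
```

Callers should treat a -1 return as a truncated description rather than retrying with a guessed size.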