CRITICAL🇬🇧 English

CVE-2021-34813

CVSS 9.8v3.1pub. 2021-06-16upd. 2024-11-21

Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build configurations.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Matrix Olm

    APP
    Matrix
    < 3.2.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEMemory
CWE
Referencje

Powiązane podatności

CVE-2021-44538CRITICAL9.8ten sam produkt

The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm se...

CVE-2024-45191MEDIUM5.3ten sam produkt

An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing ...

CVE-2024-45192MEDIUM5.3ten sam produkt

An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 w...

CVE-2024-45193MEDIUM4.3ten sam produkt

An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack o...

CVE-2023-38686CRITICAL9.3ten sam vendor

Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to ...