Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-44538

Опубликовано: 14 дек. 2021
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:matrix:element:*:*:*:*:desktop:*:*:*
Версия до 1.9.7 (исключая)
cpe:2.3:a:matrix:element:*:*:*:*:web:*:*:*
Версия до 1.9.7 (исключая)
cpe:2.3:a:matrix:javascript_sdk:*:*:*:*:*:*:*:*
Версия от 2.4.2 (включая) до 15.2.1 (исключая)
cpe:2.3:a:matrix:olm:*:*:*:*:*:*:*:*
Версия от 3.1.4 (включая) до 3.2.8 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:schildi:schildichat:*:*:*:*:desktop:*:*:*
Версия до 1.9.7-sc1 (исключая)
cpe:2.3:a:schildi:schildichat:*:*:*:*:web:*:*:*
Версия до 1.9.7-sc1 (исключая)
Конфигурация 3
cpe:2.3:a:cinny_project:cinny:*:*:*:*:*:*:*:*
Версия до 1.6.0 (исключая)
Конфигурация 4

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 80%
0.01416
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-119

Связанные уязвимости

ubuntu логотип

CVE-2021-44538

CVSS3: 9.8
ubuntu
около 4 лет назад

The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web.

debian логотип

CVE-2021-44538

CVSS3: 9.8
debian
около 4 лет назад

The olm_session_describe function in Matrix libolm before 3.2.7 is vul ...

github логотип

GHSA-q7f4-j236-f4hc

CVSS3: 9.8
github
около 4 лет назад

The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web.

suse-cvrf логотип

openSUSE-SU-2022:0058-1

suse-cvrf
около 4 лет назад

Security update for MozillaThunderbird

suse-cvrf логотип

SUSE-SU-2022:0058-1

suse-cvrf
около 4 лет назад

Security update for MozillaThunderbird

EPSS

Процентиль: 80%
0.01416
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-119