5 matches found
CVE-2026-39823
CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...
Buffer overflow
The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted...
CVE-2021-44538
The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted...
CVE-2021-44538
The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted...
Denial Of Service (DoS)
riot-web:edge is vulnerable to denial of service. Attackers sending a malicious sequence of messages can manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olmsessiondescribe. Furthermore, safe buffer sizes were...