Lucene search
K

71 matches found

Prion
Prion
added 2021/12/14 2:15 p.m.20 views

Buffer overflow

The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted...

7.5CVSS9.4AI score0.01921EPSS
Exploits0References4Affected Software6
OSV
OSV
added 2021/12/14 2:15 p.m.1 views

UBUNTU-CVE-2021-44538

The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted...

9.8CVSS7.9AI score0.01921EPSS
Exploits0References6
Cvelist
Cvelist
added 2021/12/14 1:26 p.m.31 views

CVE-2021-44538

The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted...

9.8AI score0.01921EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2021/12/14 1:26 p.m.26 views

CVE-2021-44538

The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted...

9.8CVSS9.7AI score0.01921EPSS
Exploits0
CVE
CVE
added 2021/12/14 1:26 p.m.141 views

CVE-2021-44538

CVE-2021-44538: The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object state is partially controllable by the remote party; crafted messages can manipulate the receiver’s session so that, for some buffer sizes, a buffer overflow ...

9.8CVSS9.4AI score0.01921EPSS
Exploits0References4Affected Software3
AlpineLinux
AlpineLinux
added 2021/12/14 1:26 p.m.59 views

CVE-2021-44538

The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted...

9.8CVSS9.7AI score0.01921EPSS
Exploits0
Veracode
Veracode
added 2021/12/14 9:32 a.m.15 views

Denial Of Service (DoS)

riot-web:edge is vulnerable to denial of service. Attackers sending a malicious sequence of messages can manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olmsessiondescribe. Furthermore, safe buffer sizes were...

9.8CVSS2.2AI score0.01921EPSS
Exploits0References7Affected Software5
FreeBSD
FreeBSD
added 2021/12/03 12:0 a.m.16 views

Matrix clients -- several vulnerabilities

Matrix developers report: Today we are releasing security updates to libolm, matrix-js-sdk, and several clients including Element Web / Desktop. Users are encouraged to upgrade as soon as possible. These releases mitigate a buffer overflow in olmsessiondescribe, a libolm debugging function used b...

2.9AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2021/09/14 8:24 p.m.54 views

matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver

Impact A logic error in the room key sharing functionality of matrix-js-sdk before 12.4.1 allows a malicious Matrix homeserver† participating in an encrypted room to steal room encryption keys from affected Matrix clients participating in that room. This allows the homeserver to decrypt end-to-en...

5.9CVSS0.1AI score0.00641EPSS
Exploits0References6Affected Software1
ArchLinux
ArchLinux
added 2021/09/14 12:0 a.m.32 views

[ASA-202109-5] element-web: information disclosure

Arch Linux Security Advisory ASA-202109-5 ========================================= Severity: High Date : 2021-09-14 CVE-ID : CVE-2021-40823 Package : element-web Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-2377 Summary ======= The package element-web befo...

5.9CVSS0.4AI score0.00641EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/09/13 12:0 a.m.4 views

PT-2021-22960 · Cinny +5 · Cinny +7

Name of the Vulnerable Software and Affected Versions: matrix-js-sdk versions prior to 12.4.1 Element Web versions 1.8.2 and earlier Element Desktop versions 1.8.2 and earlier SchildiChat Web versions 1.7.32-sc1 and earlier SchildiChat Desktop versions 1.7.32-sc1 and earlier Cinny versions 1.2.0...

5.9CVSS5.4AI score0.00641EPSS
Exploits0References24
Rows per page
Query Builder