5 matches found
CVE-2021-44538
CVE-2021-44538: The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object state is partially controllable by the remote party; crafted messages can manipulate the receiver’s session so that, for some buffer sizes, a buffer overflow ...
CVE-2021-34813
Matrix libolm before 3.2.3 is affected. The flaw is in olm_pk_decrypt, causing a stack-based buffer overflow that can crash the client when retrieving an Olm-encrypted room key backup from a Matrix homeserver; remote code execution might be possible in some nonstandard builds. A fix is available ...
CVE-2024-45192
CVE-2024-45192 affects Matrix libolm up to version 3.2.16. The issue is a cache-timing vulnerability caused by decoding group session keys with base64 in the libolm implementation of Olm, potentially exposing timing-related information. NOTE: the vulnerability targets products that are no longer ...
CVE-2024-45191
Matrix libolm up to version 3.2.16 contains an AES implementation vulnerable to cache-timing attacks due to S-box usage in the SubWord step. This affects the libolm-based Olm library used by Matrix, with the caveat that affected products are noted as no longer supported by the maintainer. Connect...
CVE-2024-45193
CVE-2024-45193 affects Matrix libolm up to version 3.2.16 and is rooted in Ed25519 signature malleability due to missing validation criteria (does not ensure that S