Lucene search
K

5 matches found

CVE
CVE
added 2021/12/14 1:26 p.m.141 views

CVE-2021-44538

CVE-2021-44538: The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object state is partially controllable by the remote party; crafted messages can manipulate the receiver’s session so that, for some buffer sizes, a buffer overflow ...

9.8CVSS9.4AI score0.01921EPSS
CVE
CVE
added 2021/06/16 5:11 p.m.120 views

CVE-2021-34813

Matrix libolm before 3.2.3 is affected. The flaw is in olm_pk_decrypt, causing a stack-based buffer overflow that can crash the client when retrieving an Olm-encrypted room key backup from a Matrix homeserver; remote code execution might be possible in some nonstandard builds. A fix is available ...

9.8CVSS9.6AI score0.04262EPSS
CVE
CVE
added 2024/08/22 12:0 a.m.78 views

CVE-2024-45192

CVE-2024-45192 affects Matrix libolm up to version 3.2.16. The issue is a cache-timing vulnerability caused by decoding group session keys with base64 in the libolm implementation of Olm, potentially exposing timing-related information. NOTE: the vulnerability targets products that are no longer ...

5.3CVSS7.5AI score0.00536EPSS
CVE
CVE
added 2024/08/22 12:0 a.m.63 views

CVE-2024-45191

Matrix libolm up to version 3.2.16 contains an AES implementation vulnerable to cache-timing attacks due to S-box usage in the SubWord step. This affects the libolm-based Olm library used by Matrix, with the caveat that affected products are noted as no longer supported by the maintainer. Connect...

5.3CVSS9.4AI score0.00454EPSS
CVE
CVE
added 2024/08/22 12:0 a.m.60 views

CVE-2024-45193

CVE-2024-45193 affects Matrix libolm up to version 3.2.16 and is rooted in Ed25519 signature malleability due to missing validation criteria (does not ensure that S

4.3CVSS6.2AI score0.00284EPSS