CVE-2021-34813

Severity CVSS v4.0: Pending analysis
Type: CWE-787 Out-of-bounds Write
Publication date: 16/06/2021
Last modified: 23/06/2021

Description

Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build configurations.

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:a:matrix:olm:*:*:*:*:*:*:*:* | | 3.2.3 (excluding) |