Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2021-44538

Severity CVSS v4.0:
Pending analysis
Type:
CWE-119 Buffer Errors
Publication date:
14/12/2021
Last modified:
08/08/2023

Description

The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web.

Impact

Vector 3.x
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 9.80 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vector 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P CVSS v2.0 Severity and Metrics:

Base Score: 7.50 HIGH
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): Physical
Availability (A): Physical

Base Score 2.0
7.50
Severity 2.0
HIGH

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:matrix:element:*:*:*:*:desktop:*:*:* 1.9.7 (excluding)
cpe:2.3:a:matrix:element:*:*:*:*:web:*:*:* 1.9.7 (excluding)
cpe:2.3:a:matrix:javascript_sdk:*:*:*:*:*:*:*:* 2.4.2 (including) 15.2.1 (excluding)
cpe:2.3:a:matrix:olm:*:*:*:*:*:*:*:* 3.1.4 (including) 3.2.8 (excluding)
cpe:2.3:a:schildi:schildichat:*:*:*:*:desktop:*:*:* 1.9.7-sc1 (excluding)
cpe:2.3:a:schildi:schildichat:*:*:*:*:web:*:*:* 1.9.7-sc1 (excluding)
cpe:2.3:a:cinny_project:cinny:*:*:*:*:*:*:*:* 1.6.0 (excluding)
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools