
Bug 829221 (CVE-2021-44538)

Summary: [Tracker] Buffer overflow in Matrix libolm
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: voyageur
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 829222, 829223
Bug Blocks:

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-15 01:58:24 UTC
CVE-2021-44538:

The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web and SchildiChat Web.

1.9.7 is the fixed Element.
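
The failure mode in the CVE text above, shown from the defensive side as an added example (not libolm's code and not part of the bug report): a describe-style formatter that writes peer-influenced counters into a caller-supplied buffer, tracks remaining space without wrapping, and returns the size a caller needs. The struct, the function names and the output layout are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Counters a remote peer can advance by sending messages (hypothetical). */
struct chain_state {
    unsigned sender_index;
    unsigned receiver_index[4];
    size_t n_receivers;
};

/* Append at offset *used without writing past buf[buflen - 1]. *used keeps
 * counting the full length even after truncation, so room never wraps. */
static void append(char *buf, size_t buflen, size_t *used, const char *fmt, ...)
{
    size_t room = (*used < buflen) ? buflen - *used : 0;
    va_list ap;
    va_start(ap, fmt);
    /* vsnprintf returns the length it wanted to write, not what it wrote. */
    int n = vsnprintf(room ? buf + *used : NULL, room, fmt, ap);
    va_end(ap);
    if (n > 0)
        *used += (size_t)n;
}

/* Returns the buffer size needed for the full text, including the NUL.
 * Output is truncated, and still NUL-terminated, when buflen is smaller. */
size_t describe_session(const struct chain_state *s, char *buf, size_t buflen)
{
    size_t used = 0;
    if (buflen > 0) buf[0] = '\0';
    append(buf, buflen, &used, "sender chain index: %u ", s->sender_index);
    append(buf, buflen, &used, "receiver chain indices:");
    for (size_t i = 0; i < s->n_receivers && i < 4; i++)
        append(buf, buflen, &used, " %u", s->receiver_index[i]);
    return used + 1;
}

/* Self-check: describe into the first buflen bytes of a canary-filled
 * area and report whether every byte beyond buflen is untouched. */
int write_stays_in_bounds(const struct chain_state *s, size_t buflen)
{
    char area[128];
    memset(area, 'X', sizeof area);
    describe_session(s, area, buflen);
    for (size_t i = buflen; i < sizeof area; i++)
        if (area[i] != 'X') return 0;
    return buflen == 0 || strlen(area) < buflen;
}
```

Calling describe_session with a zero-length buffer returns the required size, which gives callers a documented way to pick a safe buffer length.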
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-16 00:55:33 UTC
Blockers closed.