#VU59080 Buffer overflow in olm


Published: 2021-12-21

Vulnerability identifier: #VU59080

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-44538

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
olm
Universal components / Libraries / Libraries used by multiple products

Vendor: Matrix.org

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary error within the olm_session_describe() function in libolm. A remote attacker send specially crafted messages to the application that is using the affected library, trigger buffer overflow and perform a denial of service (DoS) attack

Mitigation
Install updates from vendor's website.

Vulnerable software versions

olm: 3.0.0 - 3.2.7

CPE

External links
http://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk
http://gitlab.matrix.org/matrix-org/olm/-/tags

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


SUSE update for MozillaThunderbird
Debian update for thunderbird
Multiple vulnerabilities in Mozilla Thunderbird
Denial of service in matrix-js-sdk
Buffer overflow in Matrix olm (libolm)