CVE-2021-44538

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-44538
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44538.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-44538
Related
Published
2021-12-14T14:15:09Z
Modified
2024-09-18T03:17:47.360624Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olmsessiondescribe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web.

References

Affected packages

Debian:11 / olm

Package

Name
olm
Purl
pkg:deb/debian/olm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.2.1~dfsg-7
3.2.3~dfsg-1
3.2.3~dfsg-2
3.2.3~dfsg-3
3.2.4~dfsg-1
3.2.6~dfsg-1
3.2.6~dfsg-2
3.2.7~dfsg-1
3.2.7~dfsg-2
3.2.8~dfsg-1
3.2.10~dfsg-1
3.2.10~dfsg-2
3.2.10~dfsg-3
3.2.10~dfsg-4
3.2.10~dfsg-5
3.2.10~dfsg-6
3.2.11~dfsg-1~bpo11+1
3.2.11~dfsg-1
3.2.12~dfsg-1
3.2.13~dfsg-1
3.2.15~dfsg-1
3.2.16+dfsg-1
3.2.16+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / olm

Package

Name
olm
Purl
pkg:deb/debian/olm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.8~dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / olm

Package

Name
olm
Purl
pkg:deb/debian/olm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.8~dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / thunderbird

Package

Name
thunderbird
Purl
pkg:deb/debian/thunderbird?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:91.4.1-1~deb11u1

Affected versions

1:78.*

1:78.12.0-1
1:78.13.0-1~deb9u1
1:78.13.0-1~deb10u1
1:78.13.0-1~deb11u1
1:78.13.0-1
1:78.14.0-1~deb9u1
1:78.14.0-1~deb10u1
1:78.14.0-1~deb11u1
1:78.14.0-1

1:84.*

1:84.0~b3-1

1:85.*

1:85.0~b3-1

1:86.*

1:86.0~b3-1

1:88.*

1:88.0~b2-1

1:89.*

1:89.0~b2-1

1:90.*

1:90.0~b2-1

1:91.*

1:91.0~b1-1
1:91.0~b3-1
1:91.0~b5-1
1:91.0-1
1:91.0.2-1
1:91.1.0-1
1:91.1.1-1
1:91.2.0-1
1:91.2.1-1
1:91.3.0-1
1:91.3.2-1
1:91.4.0-1
1:91.4.1-1~deb9u1
1:91.4.1-1~deb10u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / thunderbird

Package

Name
thunderbird
Purl
pkg:deb/debian/thunderbird?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:91.4.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / thunderbird

Package

Name
thunderbird
Purl
pkg:deb/debian/thunderbird?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:91.4.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/ajbura/cinny

Affected ranges

Type
GIT
Repo
https://github.com/ajbura/cinny
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/matrix-org/matrix-js-sdk
Events
Type
GIT
Repo
https://github.com/schildichat/schildichat-desktop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/vector-im/element-desktop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/vector-im/element-web
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://gitlab.matrix.org/matrix-org/olm
Events

Affected versions

3.*

3.1.4
3.1.5
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7

v0.*

v0.1.2
v0.10.0
v0.10.0-rc.2
v0.10.1
v0.10.2
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.1
v0.11.2
v0.11.2-rc.1
v0.11.2-rc.2
v0.11.3
v0.11.4
v0.12.0-rc.1
v0.12.1
v0.12.1-rc.1
v0.12.2
v0.12.3
v0.12.3-rc.1
v0.12.3-rc.2
v0.12.3-rc.3
v0.12.4
v0.12.4-rc.1
v0.12.5
v0.12.6
v0.12.7
v0.12.7-rc.1
v0.12.7-rc.2
v0.12.7-rc.3
v0.13.0
v0.13.0-rc.1
v0.13.0-rc.2
v0.13.0-rc.3
v0.13.1
v0.13.2
v0.13.3
v0.13.4
v0.13.5
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.1
v0.14.2
v0.14.2-rc.1
v0.14.2-rc.2
v0.14.2-rc.3
v0.14.3-rc.1
v0.15.0
v0.15.0-rc.1
v0.15.0-rc.2
v0.15.0-rc.3
v0.15.0-rc.4
v0.15.0-rc.5
v0.15.0-rc.6
v0.15.1
v0.15.2
v0.15.3
v0.15.4
v0.15.4-rc.1
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.6-rc.1
v0.15.6-rc.2
v0.15.7
v0.15.7-rc.1
v0.15.7-rc.2
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.1-rc.1
v0.16.2
v0.16.3
v0.16.3-rc.1
v0.16.3-rc.2
v0.16.4
v0.16.4-rc.1
v0.16.5
v0.16.5-rc.1
v0.16.6
v0.17.0
v0.17.0-rc.1
v0.17.1
v0.17.2
v0.17.3
v0.17.3-rc.1
v0.17.4
v0.17.5
v0.17.6
v0.17.6-rc.1
v0.17.6-rc.2
v0.17.7
v0.17.8
v0.17.8-rc.1
v0.17.9
v0.17.9-rc.1
v0.3.0
v0.4.0
v0.4.1
v0.5.0
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.7.4-r1
v0.7.5
v0.7.5-r1
v0.7.5-r2
v0.7.5-r3
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.9.10
v0.9.10-rc.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.6-rc.1
v0.9.7
v0.9.7-rc.1
v0.9.7-rc.2
v0.9.7-rc.3
v0.9.8
v0.9.8-rc.1
v0.9.8-rc.2
v0.9.8-rc.3
v0.9.9
v0.9.9-rc.1
v0.9.9-rc.2

v1.*

v1.0.0
v1.0.0-rc.1
v1.0.0-rc.2
v1.0.1
v1.0.2
v1.0.2-rc.1
v1.0.2-rc.2
v1.0.2-rc.3
v1.0.3
v1.0.4
v1.0.4-rc.1
v1.0.5
v1.0.6
v1.0.6-rc.1
v1.0.7
v1.0.8
v1.1.0
v1.1.0-rc.1
v1.1.1
v1.1.2
v1.2.0
v1.2.0-rc.1
v1.2.1
v1.2.2
v1.2.2-rc.1
v1.2.2-rc.2
v1.2.3
v1.2.3-rc.1
v1.2.4
v1.3.0
v1.3.0-rc.1
v1.3.0-rc.2
v1.3.0-rc.3
v1.3.1
v1.3.1-rc.1
v1.3.2
v1.3.3
v1.3.4
v1.3.4-rc.1
v1.3.5
v1.3.5-rc.1
v1.3.5-rc.2
v1.3.5-rc.3
v1.3.6
v1.4.0
v1.4.0-rc.1
v1.4.0-rc.2
v1.4.1
v1.4.2
v1.4.2-rc.1
v1.5.0
v1.5.0-rc.1
v1.5.1
v1.5.1-rc.1
v1.5.1-rc.2
v1.5.10
v1.5.11
v1.5.11-rc.1
v1.5.12
v1.5.13
v1.5.13-rc.1
v1.5.14
v1.5.14-rc.1
v1.5.15
v1.5.16-rc.1
v1.5.2
v1.5.3
v1.5.4
v1.5.4-rc.1
v1.5.4-rc.2
v1.5.5
v1.5.6
v1.5.6-rc.1
v1.5.7
v1.5.7-rc.1
v1.5.7-rc.2
v1.5.8
v1.5.8-rc.1
v1.5.8-rc.2
v1.5.9
v1.5.9-rc.1
v1.6.0
v1.6.0-rc.1
v1.6.0-rc.2
v1.6.0-rc.3
v1.6.0-rc.4
v1.6.0-rc.5
v1.6.0-rc.6
v1.6.1
v1.6.1-rc.1
v1.6.2
v1.6.3
v1.6.3-rc.1
v1.6.4
v1.6.5
v1.6.6
v1.6.6-rc.1
v1.6.7
v1.6.8
v1.6.8-rc.1
v1.7.0
v1.7.1
v1.7.10
v1.7.11
v1.7.11-rc.1
v1.7.12
v1.7.13
v1.7.13-rc.1
v1.7.14
v1.7.14-rc.1
v1.7.15
v1.7.15-rc.1
v1.7.16
v1.7.16-rc.1
v1.7.17
v1.7.17-rc.1
v1.7.17-sc1
v1.7.18
v1.7.19
v1.7.19-rc.1
v1.7.2
v1.7.20
v1.7.20-sc1
v1.7.21
v1.7.21-rc.1
v1.7.22
v1.7.22-rc.1
v1.7.22-sc1
v1.7.23
v1.7.23-rc.1
v1.7.24
v1.7.24-rc.1
v1.7.24-sc1
v1.7.25
v1.7.25-rc.1
v1.7.26
v1.7.26-rc.1
v1.7.27
v1.7.27-rc.1
v1.7.28
v1.7.28-rc.1
v1.7.29
v1.7.29-rc.1
v1.7.29-sc1
v1.7.3
v1.7.3-rc.1
v1.7.30
v1.7.30-rc.1
v1.7.31
v1.7.31-rc.1
v1.7.32
v1.7.32-rc.1
v1.7.32-sc1
v1.7.33
v1.7.33-rc.1
v1.7.34
v1.7.34-rc.1
v1.7.4
v1.7.4-rc.1
v1.7.5
v1.7.5-rc.1
v1.7.6
v1.7.6-rc.1
v1.7.7
v1.7.8
v1.7.8-rc.1
v1.7.9
v1.7.9-rc.1
v1.8.0
v1.8.0-rc.1
v1.8.1
v1.8.2
v1.8.2-rc.1
v1.8.2-rc.2
v1.8.2-rc.3
v1.8.3-rc.1
v1.8.3-rc.2
v1.8.4
v1.8.4-sc1
v1.8.5
v1.8.5-sc1
v1.8.6-rc.1
v1.8.6-rc.2
v1.9.0
v1.9.0-sc.1
v1.9.1
v1.9.1-rc.1
v1.9.1-rc.2
v1.9.2
v1.9.3
v1.9.3-rc.1
v1.9.3-rc.2
v1.9.3-rc.3
v1.9.4
v1.9.4-rc.1
v1.9.5
v1.9.5-rc.1
v1.9.5-sc.2
v1.9.6
v1.9.6-rc.2

v10.*

v10.0.0
v10.0.0-rc.1
v10.1.0
v10.1.0-rc.1

v11.*

v11.0.0
v11.0.0-rc.1
v11.1.0
v11.1.0-rc.1
v11.2.0
v11.2.0-rc.1

v12.*

v12.0.0
v12.0.0-rc.1
v12.0.1
v12.0.1-rc.1
v12.1.0
v12.1.0-rc.1
v12.2.0
v12.2.0-rc.1
v12.3.0
v12.3.0-rc.1
v12.3.0-rc.2
v12.3.1
v12.4.0
v12.4.0-rc.1
v12.4.1
v12.5.0
v12.5.0-rc.1

v13.*

v13.0.0
v13.0.0-rc.1

v14.*

v14.0.0
v14.0.0-rc.1
v14.0.0-rc.2
v14.0.1

v15.*

v15.0.0
v15.0.0-rc.1
v15.1.0
v15.1.0-rc.1
v15.1.1
v15.1.1-rc.1
v15.2.0
v15.2.0-rc.1

v2.*

v2.4.2
v2.4.3
v2.4.3-rc.1
v2.4.4
v2.4.4-rc.1
v2.4.5
v2.4.6
v2.4.6-rc.1

v3.*

v3.0.0
v3.0.0-rc.1

v4.*

v4.0.0
v4.0.0-rc.1

v5.*

v5.0.0
v5.0.0-rc.1
v5.0.1
v5.1.0
v5.1.0-rc.1
v5.1.1
v5.1.1-rc.1
v5.2.0
v5.2.0-rc.1
v5.3.0-rc.1
v5.3.1-rc.1
v5.3.1-rc.2
v5.3.1-rc.3
v5.3.1-rc.4

v6.*

v6.0.0
v6.0.0-rc.1
v6.0.0-rc.2
v6.1.0
v6.1.0-rc.1
v6.2.0
v6.2.0-rc.1
v6.2.1
v6.2.2

v7.*

v7.0.0
v7.0.0-rc.1
v7.1.0
v7.1.0-rc.1

v8.*

v8.0.0
v8.0.1
v8.0.1-rc.1
v8.1.0
v8.1.0-rc.1
v8.2.0
v8.2.0-rc.1
v8.3.0
v8.3.0-rc.1
v8.4.0
v8.4.0-rc.1
v8.4.1
v8.5.0
v8.5.0-rc.1

v9.*

v9.0.0
v9.0.0-rc.1
v9.0.1
v9.1.0
v9.1.0-rc.1
v9.10.0
v9.10.0-rc.1
v9.11.0
v9.11.0-rc.1
v9.2.0
v9.2.0-rc.1
v9.3.0
v9.3.0-rc.1
v9.4.0
v9.4.0-rc.1
v9.4.0-rc.2
v9.4.1
v9.5.0
v9.5.0-rc.1
v9.5.1
v9.6.0
v9.6.0-rc.1
v9.7.0
v9.7.0-rc.1
v9.8.0
v9.8.0-rc.1
v9.9.0
v9.9.0-rc.1