CVE-2021-44538

Published: Dic 14, 2021 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2021-31369 Aliases: GSD-2021-44538
ExploitDB:
Other exploit source:
Google Dorks:
CRITICAL 9,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH 7,5
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial

Description

AI Translation Available

The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0142
Percentile
0,8th
Updated

EPSS Score Trend (Last 90 Days)

119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Stable
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Execute Unauthorized Code Or Commands Modify Memory Read Memory Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory)
Applicable Platforms
Languages: Assembly, C, C++, Memory-Unsafe
Likelihood of Exploit: High
View CWE Details
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Element by Matrix

Product Information
Vendor Matrix
Product Element
Version Range Affected
To 1.9.7 (exclusive)
cpe:2.3:a:matrix:element:*:*:*:*:desktop:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Olm by Matrix

Product Information
Vendor Matrix
Product Olm
Version Range Affected
From 3.1.4 (inclusive)
To 3.2.8 (exclusive)
cpe:2.3:a:matrix:olm:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Cinny by Cinny Project

Product Information
Vendor Cinny Project
Product Cinny
Version Range Affected
To 1.6.0 (exclusive)
cpe:2.3:a:cinny_project:cinny:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Element by Matrix

Product Information
Vendor Matrix
Product Element
Version Range Affected
To 1.9.7 (exclusive)
cpe:2.3:a:matrix:element:*:*:*:*:web:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Schildichat by Schildi

Product Information
Vendor Schildi
Product Schildichat
Version Range Affected
To 1.9.7-sc1 (exclusive)
cpe:2.3:a:schildi:schildichat:*:*:*:*:desktop:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Schildichat by Schildi

Product Information
Vendor Schildi
Product Schildichat
Version Range Affected
To 1.9.7-sc1 (exclusive)
cpe:2.3:a:schildi:schildichat:*:*:*:*:web:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Javascript Sdk by Matrix

Product Information
Vendor Matrix
Product Javascript Sdk
Version Range Affected
From 2.4.2 (inclusive)
To 15.2.1 (exclusive)
cpe:2.3:a:matrix:javascript_sdk:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 11.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://gitlab.matrix.org/matrix-org/olm/-/tags
Product Third Party Advisory
https://gitlab.matrix.org/matrix-org/olm/-/tags
https://lists.debian.org/debian-lts-announce/2022/01/msg000…
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html
https://matrix.org/blog/2021/12/13/disclosure-buffer-overfl…
Patch Vendor Advisory
https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-mat…
https://www.debian.org/security/2022/dsa-5034
Third Party Advisory
https://www.debian.org/security/2022/dsa-5034
https://gitlab.matrix.org/matrix-org/olm/-/tags
Product Third Party Advisory
https://gitlab.matrix.org/matrix-org/olm/-/tags
https://lists.debian.org/debian-lts-announce/2022/01/msg000…
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html
https://matrix.org/blog/2021/12/13/disclosure-buffer-overfl…
Patch Vendor Advisory
https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-mat…
https://www.debian.org/security/2022/dsa-5034
Third Party Advisory
https://www.debian.org/security/2022/dsa-5034