Vulnerability Description
Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client while the client is retrieving an Olm-encrypted room key backup from the homeserver, because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build configurations.
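The bug class described above, as an added example that is not libolm's code and not the project's fix: a base64 field taken from the homeserver's key-backup response is decoded straight into a fixed-size stack buffer without first checking how many bytes it decodes to, shown beside the hardened form that rejects a wrong-length field before any byte is written. The 32-byte Curve25519 key size, the unpadded-base64 length formula, and all function and field names are assumptions made for the illustration; which field olm_pk_decrypt mishandled and the exact upstream check are in the linked fix commit and blog post, not here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: the remote field decodes to a Curve25519 public key, 32 bytes. */
#define CURVE25519_KEY_LENGTH 32

enum { PK_OK = 0, PK_ERR_INVALID_BASE64 = -1, PK_ERR_BAD_LENGTH = -2 };

/* Byte length that an unpadded base64 string of in_len characters decodes
 * to, or (size_t)-1 for a length no valid unpadded encoding can have. */
size_t decode_base64_length(size_t in_len) {
    size_t rem = in_len % 4;
    if (rem == 1) return (size_t)-1;
    return (in_len / 4) * 3 + (rem ? rem - 1 : 0);
}

static int b64val(int c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Minimal unpadded base64 decoder: writes decode_base64_length(in_len) bytes
 * to out and returns that count, or (size_t)-1 on a bad character or length.
 * It trusts the caller to have sized out for the input; when the input length
 * is chosen by a remote homeserver, that trust is the whole problem. */
size_t decode_base64(const char *in, size_t in_len, uint8_t *out) {
    if (decode_base64_length(in_len) == (size_t)-1) return (size_t)-1;
    uint32_t acc = 0; int bits = 0; size_t n = 0;
    for (size_t i = 0; i < in_len; i++) {
        int v = b64val((unsigned char)in[i]);
        if (v < 0) return (size_t)-1;
        acc = (acc << 6) | (uint32_t)v;
        bits += 6;
        if (bits >= 8) { bits -= 8; out[n++] = (uint8_t)(acc >> bits); }
    }
    return n;
}

/* How many bytes past a CURVE25519_KEY_LENGTH stack buffer a field of
 * b64_len characters would write in the unchecked decoder (0 if it fits). */
size_t stack_overrun_bytes(size_t b64_len) {
    size_t n = decode_base64_length(b64_len);
    if (n == (size_t)-1 || n <= CURVE25519_KEY_LENGTH) return 0;
    return n - CURVE25519_KEY_LENGTH;
}

/* VULNERABLE shape (illustration of the bug class, not libolm's source): the
 * field is decoded into a fixed stack buffer with no check that it decodes to
 * exactly CURVE25519_KEY_LENGTH bytes. A 44-character field decodes to 33
 * bytes, and the last one lands past the end of key_buf on the stack.
 * Never call this with attacker-controlled input. */
int pk_decrypt_unchecked(const char *field, size_t field_len,
                         uint8_t key_out[CURVE25519_KEY_LENGTH]) {
    uint8_t key_buf[CURVE25519_KEY_LENGTH];
    if (decode_base64(field, field_len, key_buf) == (size_t)-1)
        return PK_ERR_INVALID_BASE64;
    memcpy(key_out, key_buf, CURVE25519_KEY_LENGTH);
    return PK_OK;
}

/* Hardened shape: compute the decoded length first and refuse anything that
 * is not exactly the buffer size before a single byte is written. */
int pk_decrypt_checked(const char *field, size_t field_len,
                       uint8_t key_out[CURVE25519_KEY_LENGTH]) {
    uint8_t key_buf[CURVE25519_KEY_LENGTH];
    if (decode_base64_length(field_len) != CURVE25519_KEY_LENGTH)
        return PK_ERR_BAD_LENGTH;
    if (decode_base64(field, field_len, key_buf) == (size_t)-1)
        return PK_ERR_INVALID_BASE64;
    memcpy(key_out, key_buf, CURVE25519_KEY_LENGTH);
    return PK_OK;
}

/* Runs the checked decoder on a constructed field of b64_len 'A' characters
 * (43 'A's is the unpadded base64 of 32 zero bytes) and returns its code. */
int checked_result_for_length(size_t b64_len) {
    char field[128];
    uint8_t key[CURVE25519_KEY_LENGTH];
    if (b64_len > sizeof field) return PK_ERR_BAD_LENGTH;
    memset(field, 'A', b64_len);
    return pk_decrypt_checked(field, b64_len, key);
}

/* Decodes b64 and compares the bytes with expected (sanity check of the decoder). */
int decoder_matches(const char *b64, const char *expected) {
    uint8_t out[96];
    size_t len = strlen(b64);
    if (decode_base64_length(len) > sizeof out) return 0;  /* also rejects (size_t)-1 */
    size_t n = decode_base64(b64, len, out);
    return n == strlen(expected) && memcmp(out, expected, n) == 0;
}

int main(void) {
    size_t lengths[] = {43, 44, 48};
    for (size_t i = 0; i < 3; i++)
        printf("%zu-char field: checked=%d, unchecked overrun=%zu byte(s)\n",
               lengths[i], checked_result_for_length(lengths[i]),
               stack_overrun_bytes(lengths[i]));
    return 0;
}
```

The point of the checked form is the order of operations: the decoded length is derived from the attacker-chosen input length and compared to the buffer size before the decoder runs, so a malformed or oversized field is an error code rather than a write past the stack frame. Where a fixed-size field is expected, an exact-length comparison is the right check; a "fits in the buffer" comparison would still accept short keys.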
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Matrix | Olm | < 3.2.3 |
Related Weaknesses (CWE)
References
- https://gitlab.matrix.org/matrix-org/olm/-/commit/ccc0d122ee1b4d5e5ca4ec1432086b (Patch, Vendor Advisory)
- https://gitlab.matrix.org/matrix-org/olm/-/releases/3.2.3 (Release Notes, Vendor Advisory)
- https://matrix.org/blog/2021/06/14/adventures-in-fuzzing-libolm (Exploit, Patch, Vendor Advisory)
FAQ
What is CVE-2021-34813?
CVE-2021-34813 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build configurations.
How severe is CVE-2021-34813?
CVE-2021-34813 has been rated CRITICAL with a CVSS base score of 9.8/10. The confirmed impact in the description is a client crash (denial of service) triggered by a malicious homeserver while the client retrieves a room key backup; remote code execution is described as possible only for some nonstandard build configurations. Since the trigger is a server the client already talks to, it still warrants prompt attention.
Is there a patch for CVE-2021-34813?
Yes. The issue is fixed in libolm 3.2.3: upgrade Matrix Olm to 3.2.3 or later, and see the 3.2.3 release notes and the fix commit in the references section above. Because libolm is a library embedded in Matrix clients, each affected client also needs a build against the fixed version. Affected products include: Matrix Olm.