CVE-2021-34813
Published: 2021-06-16
Priority: P262 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.26% (89.8th percentile)
Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build configurations.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | olm | < olm 3.2.3~dfsg-3 (bookworm) | olm 3.2.3~dfsg-3 (bookworm) |
| matrix | olm | < 3.2.3 | 3.2.3 |
| matrix | olm | >= 0 < 3.2.3~dfsg-3 | 3.2.3~dfsg-3 |
| matrix | olm | >= 0 < 3.2.3~dfsg-3 | 3.2.3~dfsg-3 |
| matrix | olm | >= 0 < 3.2.3~dfsg-3 | 3.2.3~dfsg-3 |
Detection & IOCs
- The vulnerable function is `olm_pk_decrypt` in libolm: monitor for crashes or anomalous stack activity in processes calling this function when retrieving Olm encrypted room key backups from a homeserver.
- The overflow is triggered during retrieval of an Olm encrypted room key backup from a Matrix homeserver: a malicious homeserver can deliver a crafted payload to exploit this path.
- Root cause is missing input-length validation in the `olm_pk_decrypt` module: look for oversized or malformed ciphertext/key-backup payloads delivered by a homeserver to a client.
- Remote code execution is possible in nonstandard build configurations: treat any libolm build without stack-protection mitigations (e.g., no stack canaries, no NX) as high-severity RCE risk.
- The vulnerability is fixed in libolm 3.2.3: any deployment running libolm < 3.2.3 is vulnerable. Debian bullseye remains open/unpatched as of the tracker snapshot.
- RCE impact is conditional on nonstandard build configurations (e.g., absence of stack-hardening compiler flags); standard builds are limited to DoS (crash).
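CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | CRITICAL | |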
Ubuntu
Olm vulnerability
vendor_ubuntu · 2021-12-15
Title: Olm vulnerability
Summary: Olm could be made to crash or run programs if it received specially crafted input.
Denis Kasak discovered that Olm was not verifying the length of input being processed by the olm_pk_decrypt module, which introduced a stack-based buffer overflow vulnerability to the library. An attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2021-34813: olm - Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a clien...
vendor_debian · 2021 · CVSS 9.8 [CRITICAL]
Scope: local
bookworm: resolved (fixed in 3.2.3~dfsg-3)
bullseye: open
forky: resolved (fixed in 3.2.3~dfsg-3)
sid: resolved (fixed in 3.2.3~dfsg-3)
trixie: resolved (fixed in 3.2.3~dfsg-3)
GHSA
GHSA-269w-9hm6-g22q: Matrix libolm before 3
ghsa_unreviewed · 2022-05-24
CVE-2021-34813 [CRITICAL] CWE-787
OSV
CVE-2021-34813: Matrix libolm before 3
osv · 2021-06-16 · CVSS 9.8 [CRITICAL]
No detection rules found.
No public exploits indexed.
- https://gitlab.matrix.org/matrix-org/olm/-/commit/ccc0d122ee1b4d5e5ca4ec1432086be17d5f901b
- https://gitlab.matrix.org/matrix-org/olm/-/releases/3.2.3
- https://matrix.org/blog/2021/06/14/adventures-in-fuzzing-libolm