Matrix Element vulnerabilities

CVE-2021-44538 [CRITICAL] CWE-119 CVE-2021-44538: The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the re

CVE-2021-40824 [MEDIUM] CWE-290 CVE-2021-40824: A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-andro A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating