Matrix Olm vulnerabilities
5 known vulnerabilities affecting matrix/olm.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, MEDIUM 3
Vulnerabilities
CVE-2024-45191 | MEDIUM | CVSS 5.3 | CWE-208 | ≤ 3.2.16 | 2024-08-22
An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the mai
nvd
CVE-2024-45193 | MEDIUM | CVSS 4.3 | CWE-327 | ≤ 3.2.16 | 2024-08-22
An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
nvd
CVE-2024-45192 | MEDIUM | CVSS 5.3 | CWE-385 | ≤ 3.2.16 | 2024-08-22
An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
nvd
CVE-2021-44538 | CRITICAL | CVSS 9.8 | CWE-119 | ≥ 3.1.4, < 3.2.8 | 2021-12-14
The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the re
nvd, osv
CVE-2021-34813 | CRITICAL | CVSS 9.8 | CWE-787 | fixed in 3.2.3 | 2021-06-16
Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build configurations.
nvd, osv