CVE-2021-44538

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-44538
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-44538.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-44538
Downstream
Related
Published
2021-12-14T14:15:09.410Z
Modified
2026-05-28T04:07:09.756340907Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olmsessiondescribe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web.

Database specific 
{
    "unresolved_ranges": [
        {
            "vendor_product": "cinny_project:cinny",
            "extracted_events": [
                {
                    "fixed": "1.6.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:cinny_project:cinny:*:*:*:*:*:*:*:*"
            ],
            "source": "CPE_RANGE"
        },
        {
            "vendor_product": "matrix:element",
            "extracted_events": [
                {
                    "fixed": "1.9.7"
                },
                {
                    "fixed": "1.9.7"
                },
                {
                    "fixed": "1.9.7"
                },
                {
                    "fixed": "1.9.7"
                }
            ],
            "cpes": [
                "cpe:2.3:a:matrix:element:*:*:*:*:desktop:*:*:*",
                "cpe:2.3:a:matrix:element:*:*:*:*:web:*:*:*"
            ],
            "source": "CPE_RANGE"
        },
        {
            "vendor_product": "debian:debian_linux",
            "extracted_events": [
                {
                    "last_affected": "9.0"
                },
                {
                    "last_affected": "10.0"
                },
                {
                    "last_affected": "11.0"
                }
            ],
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        }
    ]
}
References

Affected packages

Git
github.com/matrix-org/matrix-js-sdk

Affected ranges

Type
GIT
Repo
https://github.com/matrix-org/matrix-js-sdk
Events
Introduced
c874783742f17921830aa274106d65e3e8af903c
Fixed
f4839a3b4f1877111b2e0360a1b3b0dd2047193e
Database specific 
{
    "extracted_events": [
        {
            "introduced": "2.4.2"
        },
        {
            "fixed": "15.2.1"
        }
    ],
    "cpe": "cpe:2.3:a:matrix:javascript_sdk:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-44538.json"
github.com/schildichat/schildichat-desktop

Affected ranges

Type
GIT
Repo
https://github.com/schildichat/schildichat-desktop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5aaedf0f19ba337fcc837955eb6171f7c6ebc311
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.9.7-sc1"
        }
    ],
    "cpe": [
        "cpe:2.3:a:schildi:schildichat:*:*:*:*:desktop:*:*:*",
        "cpe:2.3:a:schildi:schildichat:*:*:*:*:web:*:*:*"
    ],
    "source": "CPE_RANGE"
}

Affected versions

v1.*
v1.7.12
v1.7.13
v1.7.14
v1.7.15
v1.7.16
v1.7.17-sc1
v1.7.20-sc1
v1.7.22-sc1
v1.7.24-sc1
v1.7.29-sc1
v1.7.32-sc1
v1.7.8
v1.8.4-sc1
v1.8.5-sc1
v1.9.0-sc.1
v1.9.5-sc.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-44538.json"
gitlab.matrix.org/matrix-org/olm

Affected ranges

Type
GIT
Repo
https://gitlab.matrix.org/matrix-org/olm
Events
Introduced
6753595300767dd70150831dbbe6f92d64e75038
Fixed
797183f27f1c8cdb9d4551aaa317bd13ff02401b
Database specific 
{
    "extracted_events": [
        {
            "introduced": "3.1.4"
        },
        {
            "fixed": "3.2.8"
        }
    ],
    "cpe": "cpe:2.3:a:matrix:olm:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Affected versions

3.*
3.1.4
3.1.5
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-44538.json"