[Pkg-matrix-maintainers] Bug#989997: olm: CVE-2021-34813
Hubert Chathi
uhoreg at debian.org
Thu Jun 17 22:49:09 BST 2021
On Thu, 17 Jun 2021 15:45:22 +0200, Salvatore Bonaccorso <carnil at debian.org> said:
> The following vulnerability was published for olm.
> CVE-2021-34813[0]:
> | Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to
> | crash a client (while it is attempting to retrieve an Olm encrypted
> | room key backup from the homeserver) because olm_pk_decrypt has a
> | stack-based buffer overflow. Remote code execution might be possible
> | for some nonstandard build configurations.
FWIW, no application in buster uses the affected function.
--
Hubert Chathi <uhoreg at debian.org> -- https://www.uhoreg.ca/
Jabber: hubert at uhoreg.ca -- Matrix: @uhoreg:matrix.org
PGP/GnuPG key: 4096R/F24C F749 6C73 DDB8 DCB8 72DE B2DE 88D3 113A 1368