Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 6 of 6 results


CVE-2024-45193

Medium priority
Needs evaluation

An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). This refers to the libolm implementation of Olm. NOTE:...

1 affected packages

olm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
olm Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-45192

Medium priority
Needs evaluation

An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects...

1 affected packages

olm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
olm Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-45191

Medium priority
Needs evaluation

An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to...

1 affected packages

olm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
olm Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-29197

Medium priority

Some fixes available 3 of 9

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While...

2 affected packages

php-guzzlehttp-psr7, php-nyholm-psr7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php-guzzlehttp-psr7 Not affected Fixed Fixed Not in release Ignored
php-nyholm-psr7 Not affected Fixed Ignored Not in release Ignored
Show less packages

CVE-2021-44538

Medium priority

Some fixes available 8 of 26

The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by...

3 affected packages

node-matrix-js-sdk, olm, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-matrix-js-sdk Needs evaluation Needs evaluation Needs evaluation Ignored
olm Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
thunderbird Fixed Fixed Fixed Fixed Ignored
Show less packages

CVE-2021-34813

Medium priority

Some fixes available 1 of 4

Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow....

1 affected packages

olm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
olm Not affected Not affected Fixed Not affected Not in release
Show less packages