Search CVE reports
1 – 6 of 6 results
CVE-2024-45193
Medium priorityAn issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). This refers to the libolm implementation of Olm. NOTE:...
1 affected packages
olm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
olm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-45192
Medium priorityAn issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects...
1 affected packages
olm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
olm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-45191
Medium priorityAn issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to...
1 affected packages
olm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
olm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2023-29197
Medium prioritySome fixes available 3 of 9
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While...
2 affected packages
php-guzzlehttp-psr7, php-nyholm-psr7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php-guzzlehttp-psr7 | Not affected | Fixed | Fixed | Not in release | Ignored |
php-nyholm-psr7 | Not affected | Fixed | Ignored | Not in release | Ignored |
CVE-2021-44538
Medium prioritySome fixes available 8 of 26
The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by...
3 affected packages
node-matrix-js-sdk, olm, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
node-matrix-js-sdk | Needs evaluation | Needs evaluation | Needs evaluation | — | Ignored |
olm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
thunderbird | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2021-34813
Medium prioritySome fixes available 1 of 4
Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow....
1 affected packages
olm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
olm | Not affected | Not affected | Fixed | Not affected | Not in release |