Matrix libolm before 3.2.3 allows a malicious Matrix...
Critical severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Jan 29, 2023
Description
Published by the National Vulnerability Database
Jun 16, 2021
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Jan 29, 2023
Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build configurations.
References