Home

CVE-2021-44538

Description

The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receivers session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.416

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2021-4126,CVE-2021-44538 are fixed in Mozilla Thunderbird (91) (91.4.1)Windows
Vulnerabilities CVE-2021-4126,CVE-2021-44538 are fixed in Mozilla Thunderbird (91) (x64) (91.4.1)Windows
Vulnerabilities CVE-2021-4126,CVE-2021-44538 are fixed in Mozilla Thunderbird For Mac 91.4.1Mac
thunderbird security update(DSA-5034-1) thunderbird_91.4.1-1~deb10u1_i386.debLinux
thunderbird security update(DSA-5034-1) thunderbird_91.4.1-1~deb10u1_amd64.debLinux
thunderbird security update(DSA-5034-1) thunderbird_91.4.1-1~deb11u1_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-5248-1) thunderbird_91.5.0+build1-0ubuntu0.18.04.1_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-5248-1) thunderbird_91.5.0+build1-0ubuntu0.18.04.1_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-5248-1) thunderbird_91.5.0+build1-0ubuntu0.20.04.1_amd64.debLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-322963Mozilla Thunderbird (91) (91.4.1)
PATCH-322964Mozilla Thunderbird (91) (x64) (91.4.1)
PATCH-611807Mozilla Thunderbird For Mac (142.0)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234