CVE-2021-44538: 
Zabbix Server vulnerability analysis and mitigation

The olmsessiondescribe function in Matrix libolm before version 3.2.7 was discovered to be vulnerable to a buffer overflow. The vulnerability, identified as CVE-2021-44538, was disclosed on December 13, 2021. The vulnerability affected various Matrix-based applications including Element Web, SchildiChat Web, and other clients using the matrix-js-sdk for end-to-end encryption (E2EE) implementation (Matrix Blog).

The vulnerability exists in the olmsessiondescribe debugging function used by matrix-js-sdk in its end-to-end encryption implementation. The Olm session object represents a cryptographic channel between two parties, with its state being partially controllable by the remote party of the channel. Attackers could construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow occurs on a call to olmsessiondescribe. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The vulnerability has been present since the introduction of the olmsessiondescribe function in October 2019 (Matrix Blog, NVD).

The vulnerability could potentially lead to denial of service or arbitrary code execution in affected applications. The severity of the vulnerability was rated as CRITICAL with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) (NVD).

The vulnerability was fixed in libolm version 3.2.8 and matrix-js-sdk version 15.2.1. Client versions incorporating the fixes include Element Web/Desktop version 1.9.7, SchildiChat Web/Desktop version 1.9.7-sc.1, and Cinny version 1.6.0. Users were encouraged to upgrade to these versions as soon as possible (Matrix Blog).