Olm Matrix Olm

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Matrix Olm.

By the Year

In 2025 there have been 0 vulnerabilities in Matrix Olm. Last year, in 2024 Olm had 3 security vulnerabilities published. Right now, Olm is on track to have less security vulnerabilities in 2025 than it did last year.

Year Vulnerabilities Average Score
2025 0 0.00
2024 3 0.00
2023 0 0.00
2022 0 0.00
2021 2 9.80
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Olm vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Matrix Olm Security Vulnerabilities

An issue was discovered in Matrix libolm through 3.2.16

CVE-2024-45193 - August 22, 2024

An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

An issue was discovered in Matrix libolm through 3.2.16

CVE-2024-45192 - August 22, 2024

An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

An issue was discovered in Matrix libolm through 3.2.16

CVE-2024-45191 - August 22, 2024

An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow

CVE-2021-44538 9.8 - Critical - December 14, 2021

The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web.

Buffer Overflow

Matrix libolm before 3.2.3

CVE-2021-34813 9.8 - Critical - June 16, 2021

Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build configurations.

Memory Corruption

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Matrix Olm or by Matrix? Click the Watch button to subscribe.

Matrix
Vendor

Matrix Olm
Product

subscribe