Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/olm@3.2.13~dfsg-1?distro=trixie
Type deb
Namespace debian
Name olm
Version 3.2.13~dfsg-1
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 3.2.16+dfsg-3
Latest_non_vulnerable_version 3.2.16+dfsg-5
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1mm2-4b1k-afat
vulnerability_id VCID-1mm2-4b1k-afat
summary
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The olm_session_describe function in Matrix libolm is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web and SchildiChat Web.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-44538
reference_id
reference_type
scores
0
value 0.01416
scoring_system epss
scoring_elements 0.80586
published_at 2026-04-18T12:55:00Z
1
value 0.01416
scoring_system epss
scoring_elements 0.80503
published_at 2026-04-01T12:55:00Z
2
value 0.01416
scoring_system epss
scoring_elements 0.80578
published_at 2026-04-11T12:55:00Z
3
value 0.01416
scoring_system epss
scoring_elements 0.80564
published_at 2026-04-12T12:55:00Z
4
value 0.01416
scoring_system epss
scoring_elements 0.80556
published_at 2026-04-13T12:55:00Z
5
value 0.01416
scoring_system epss
scoring_elements 0.80585
published_at 2026-04-16T12:55:00Z
6
value 0.01416
scoring_system epss
scoring_elements 0.80509
published_at 2026-04-02T12:55:00Z
7
value 0.01416
scoring_system epss
scoring_elements 0.80531
published_at 2026-04-04T12:55:00Z
8
value 0.01416
scoring_system epss
scoring_elements 0.80521
published_at 2026-04-07T12:55:00Z
9
value 0.01416
scoring_system epss
scoring_elements 0.8055
published_at 2026-04-08T12:55:00Z
10
value 0.01416
scoring_system epss
scoring_elements 0.8056
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-44538
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546
25
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538
26
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
27
reference_url https://gitlab.matrix.org/matrix-org/olm/-/tags
reference_id
reference_type
scores
url https://gitlab.matrix.org/matrix-org/olm/-/tags
28
reference_url https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk
reference_id
reference_type
scores
url https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk
29
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001664
reference_id 1001664
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001664
30
reference_url https://security.archlinux.org/AVG-2638
reference_id AVG-2638
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2638
31
reference_url https://security.archlinux.org/AVG-2639
reference_id AVG-2639
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2639
32
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-44538
reference_id CVE-2021-44538
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-44538
33
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2021-55
reference_id mfsa2021-55
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2021-55
34
reference_url https://usn.ubuntu.com/5246-1/
reference_id USN-5246-1
reference_type
scores
url https://usn.ubuntu.com/5246-1/
35
reference_url https://usn.ubuntu.com/5248-1/
reference_id USN-5248-1
reference_type
scores
url https://usn.ubuntu.com/5248-1/
fixed_packages
0
url pkg:deb/debian/olm@3.2.8~dfsg-1?distro=trixie
purl pkg:deb/debian/olm@3.2.8~dfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/olm@3.2.8~dfsg-1%3Fdistro=trixie
1
url pkg:deb/debian/olm@3.2.13~dfsg-1?distro=trixie
purl pkg:deb/debian/olm@3.2.13~dfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/olm@3.2.13~dfsg-1%3Fdistro=trixie
2
url pkg:deb/debian/olm@3.2.16%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/olm@3.2.16%2Bdfsg-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/olm@3.2.16%252Bdfsg-3%3Fdistro=trixie
3
url pkg:deb/debian/olm@3.2.16%2Bdfsg-5?distro=trixie
purl pkg:deb/debian/olm@3.2.16%2Bdfsg-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/olm@3.2.16%252Bdfsg-5%3Fdistro=trixie
aliases CVE-2021-44538
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1mm2-4b1k-afat
1
url VCID-eejx-9f6j-9qej
vulnerability_id VCID-eejx-9f6j-9qej
summary Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build configurations.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-34813
reference_id
reference_type
scores
0
value 0.04458
scoring_system epss
scoring_elements 0.89087
published_at 2026-04-18T12:55:00Z
1
value 0.04458
scoring_system epss
scoring_elements 0.8902
published_at 2026-04-01T12:55:00Z
2
value 0.04458
scoring_system epss
scoring_elements 0.89028
published_at 2026-04-02T12:55:00Z
3
value 0.04458
scoring_system epss
scoring_elements 0.89043
published_at 2026-04-04T12:55:00Z
4
value 0.04458
scoring_system epss
scoring_elements 0.89045
published_at 2026-04-07T12:55:00Z
5
value 0.04458
scoring_system epss
scoring_elements 0.89062
published_at 2026-04-08T12:55:00Z
6
value 0.04458
scoring_system epss
scoring_elements 0.89067
published_at 2026-04-09T12:55:00Z
7
value 0.04458
scoring_system epss
scoring_elements 0.89079
published_at 2026-04-11T12:55:00Z
8
value 0.04458
scoring_system epss
scoring_elements 0.89075
published_at 2026-04-12T12:55:00Z
9
value 0.04458
scoring_system epss
scoring_elements 0.89072
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-34813
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34813
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34813
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989997
reference_id 989997
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989997
3
reference_url https://security.archlinux.org/AVG-2077
reference_id AVG-2077
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2077
4
reference_url https://usn.ubuntu.com/USN-5194-1/
reference_id USN-USN-5194-1
reference_type
scores
url https://usn.ubuntu.com/USN-5194-1/
fixed_packages
0
url pkg:deb/debian/olm@3.2.3~dfsg-3?distro=trixie
purl pkg:deb/debian/olm@3.2.3~dfsg-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/olm@3.2.3~dfsg-3%3Fdistro=trixie
1
url pkg:deb/debian/olm@3.2.13~dfsg-1?distro=trixie
purl pkg:deb/debian/olm@3.2.13~dfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/olm@3.2.13~dfsg-1%3Fdistro=trixie
2
url pkg:deb/debian/olm@3.2.16%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/olm@3.2.16%2Bdfsg-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/olm@3.2.16%252Bdfsg-3%3Fdistro=trixie
3
url pkg:deb/debian/olm@3.2.16%2Bdfsg-5?distro=trixie
purl pkg:deb/debian/olm@3.2.16%2Bdfsg-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/olm@3.2.16%252Bdfsg-5%3Fdistro=trixie
aliases CVE-2021-34813
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eejx-9f6j-9qej
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/olm@3.2.13~dfsg-1%3Fdistro=trixie