HIGH🇬🇧 English

CVE-2022-39252

CVSS 8.6v3.1pub. 2022-09-29upd. 2024-11-21

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.6 fixes this issue.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
  • Matrix Rust Sdk

    APP
    Matrix
    < 0.6
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2025-66622LOW1.3ten sam produkt

matrix-sdk-base to biblioteka bazowa do tworzenia klienta Matrix. Wersje 0.14.1 i wcześniejsze nie potrafią ob...

CVE-2023-38686CRITICAL9.3ten sam vendor

Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to ...

CVE-2021-44538CRITICAL9.8ten sam vendor

The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm se...

CVE-2021-34813CRITICAL9.8ten sam vendor

Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to r...

CVE-2019-18835CRITICAL9.8ten sam vendor

Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join...