GitHub_MCVELIST:CVE-2024-42369CVE-2024-42369 A room with itself as a its predecessor will freeze matrix-js-sdk
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
EPSS
Percentile
17.7%
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk’s getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the ‘leaveRoomChain()’ method, so leaving a room will also trigger the bug. This was patched in matrix-js-sdk 34.3.1.
CNA Affected
[
{
"vendor": "matrix-org",
"product": "matrix-js-sdk",
"versions": [
{
"version": "< 34.3.1",
"status": "affected"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
EPSS
Percentile
17.7%