3660 matches found
CVE-2025-59160 matrix-js-sdk has insufficient validation when considering a room to be upgraded by another
Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...
matrix-js-sdk data forgery vulnerability
matrix-js-sdk is an application component of Matrix open source. A data forgery issue vulnerability exists in matrix-js-sdk versions prior to 38.2.0, which stems from insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, which could lead to an attacker replacing a...
DEBIAN-CVE-2023-53184
In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Set new vector length before reallocating. As part of fixing the allocation of the buffer for SVE state when changing SME vector length we introduced an immediate reallocation of the SVE state, this is also done when...
PT-2025-37754
Name of the Vulnerable Software and Affected Versions: The Matrix versions prior to 1.16. Description: The Matrix specification has deficient state resolution when using a room version before 12 and State Resolution before 2.1. Recommendations: Update to version 1.16 or later...
matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method
In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of Int::Min. Patches: The issue is fixed in matrix-sdk-base 0.14.1. Workarounds: The affected method isn’t used internally, so avoiding calling...
GHSA-QHJ8-Q5R6-8Q6J matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method
In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of Int::Min. Patches: The issue is fixed in matrix-sdk-base 0.14.1. Workarounds: The affected method isn’t used internally, so avoiding calling...
CVE-2025-59047
matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of Int::Min. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t...
CVE-2025-59047
matrix-sdk-base (pre-0.14.1) has a panic in RoomMember::normalized_power_level() when a member’s power level is Int::Min. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t used internally, so avoiding calls to RoomMember::normalized_power_level() can prevent the panic; upgra...
CVE-2025-59047 matrix-sdk-base has panic in the `RoomMember::normalized_power_level()` method
matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of Int::Min. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t...
RUSTSEC-2025-0065 matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method
In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of Int::Min...
RUSTSEC-2025-0000 matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method
In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of Int::Min...
matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method
In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of Int::Min...
PT-2025-37250
Name of the Vulnerable Software and Affected Versions: matrix-sdk-base versions prior to 0.14.1. Description: A panic can occur when calling the `RoomMember::normalized_power_level()` method if a room member has a power level of Int::Min. Recommendations: Update to version 0.14.1 or later...
Matrix Rust SDK security vulnerability
Matrix Rust SDK is an open source Rust-based Matrix client server development toolkit from The Matrix.org Foundation. A security vulnerability exists in versions of the Matrix Rust SDK prior to 0.14.1, which stems from a potential panic that could be triggered when dealing with permission levels ...
Linux Distros Unpatched Vulnerability : CVE-2024-43433
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users. CVE-2024-43433 Note that...
Linux Distros Unpatched Vulnerability : CVE-2023-32323
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to...
Linux Distros Unpatched Vulnerability : CVE-2021-39164
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list o...