matrix-sdk-crypto contains potential impersonation via room key forward responses

Impact When matrix-rust-sdk before 0.6 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from. This allows a malicious...

GHSA-VP68-2WRM-69QM matrix-sdk-crypto contains potential impersonation via room key forward responses

Impact When matrix-rust-sdk before 0.6 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from. This allows a malicious...

Pmanager - Store And Retrieve Your Passwords From A Secure Offline Database. Check If Your Passwords Has Leaked Previously To Prevent Targeted Password Reuse Attacks

Demo Description Store and retrieve your passwords from a secure offline database. Check if your passwords has leaked previously to prevent targeted password reuse attacks. Why develop another password manager ? This project was initially born from my desire to learn Rust. I was tired of using th...

CVE-2022-39252

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

Code injection

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

CVE-2022-39252 When matrix-rust-sdk recieves forwarded room keys, the reciever doesn't check if it requested the key from the forwarder

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

CVE-2022-39252

CVE-2022-39252 affects matrix-rust-sdk (and matrix-sdk-crypto). Before 0.6, forwarded room keys could be accepted without verifying the origin device, enabling a homeserver to insert keys of questionable validity and potentially mount an impersonation attack. The issue is fixed in version 0.6. Re...

CVE-2022-39252 When matrix-rust-sdk recieves forwarded room keys, the reciever doesn't check if it requested the key from the forwarder

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

CVE-2022-39252 When matrix-rust-sdk recieves forwarded room keys, the reciever doesn't check if it requested the key from the forwarder

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

alerter (>=0.3.0 <=0.3.1), maruc (=0.1.0) +9 more potentially affected by CVE-2022-39252 via matrix-sdk-crypto (>=0.1.0 <=0.5.0)

matrix-sdk-crypto CARGO version =0.1.0, =0.3.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.10-alpha, =0.13.0, =0.13.1 Source cves: CVE-2022-39252 Source advisory: OSV:RUSTSEC-2022-0085...

SUSE SLED15 / SLES15 Security Update : rust1.62 (SUSE-SU-2022:3451-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3451-1 advisory. - Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts...

Denial Of Service (DoS)

binutils is vulnerable to denial of service. The vulnerability exists due to a flaw in demanglepath in rust-demangle.c allowing an attacker to crash the system by injecting a crafted symbol...

RUSTSEC-2022-0058 Library exclusively intended to inject UB into safe Rust.

Quoting from the crate description: This crate is created purely to inject undefined behavior into stable, safe rust. Specifically, the inconceivable! macro is insta-UB if the ubinconceivable feature is enabled by any reverse dependency. The value this adds is questionable, and hides unsafe code...

Library exclusively intended to inject UB into safe Rust.

Quoting from the crate description: This crate is created purely to inject undefined behavior into stable, safe rust. Specifically, the inconceivable! macro is insta-UB if the ubinconceivable feature is enabled by any reverse dependency. The value this adds is questionable, and hides unsafe code...

SUSE SLED15 / SLES15 Security Update : oniguruma (SUSE-SU-2022:3327-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3327-1 advisory. - CVE-2019-19246: Fixed an out of bounds access during regular expression matching bsc1157805. - CVE-2019-1920...

personnummer/rust vulnerable to Improper Input Validation

This vulnerability was reported to the personnummer team in June 2020. The slow response was due to locked ownership of some of the affected packages, which caused delays to update packages prior to disclosure. The vulnerability is determined to be low severity. Impact This vulnerability impacts...

GHSA-28R9-PQ4C-WP3C personnummer/rust vulnerable to Improper Input Validation

This vulnerability was reported to the personnummer team in June 2020. The slow response was due to locked ownership of some of the affected packages, which caused delays to update packages prior to disclosure. The vulnerability is determined to be low severity. Impact This vulnerability impacts...

GHSA-P75V-367R-2V23 `cell-project` used incorrect variance when projecting through `&Cell<T>`

Overview The issue lies in the implementation of the cellproject macro which used field as const instead of field as mut . The problem being that const T is covariant in T while mut T is invariant in T. Keep in mind that &Cell is invariant in T, so casting to const T relaxed the variance, and lea...

GHSA-V8GQ-5GRQ-9728 mozjpeg DecompressScanlines::read_scanlines is Unsound

This issue and vector is similar to RUSTSEC-2020-0029 of rgb crate which mozjpeg depends on. Affected versions of mozjpeg crate allow creating instances of any type T from bytes, and do not correctly constrain T to the types for which it is safe to do so. Examples of safety violation possible for...

GHSA-RC23-XXGQ-X27G wee_alloc is Unmaintained

Two of the maintainers have indicated that the crate may not be maintained. The crate has open issues including memory leaks and may not be suitable for production use. It may be best to switch to the default Rust standard allocator on wasm32 targets. Last release seems to have been three years a...