Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 7:40 p.m.8 views

CVE-2022-39252

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

8.6CVSS6.6AI score0.00488EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/09/30 10:51 p.m.6 views

alerter (>=0.3.0 <=0.3.1), maruc (=0.1.0) +9 more potentially affected by CVE-2022-39252 via matrix-sdk-crypto (>=0.1.0 <=0.5.0)

matrix-sdk-crypto CARGO version =0.1.0, =0.3.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.10-alpha, =0.13.0, =0.13.1 Source cves: CVE-2022-39252 Source advisory: OSV:GHSA-VP68-2WRM-69QM...

8.6CVSS7.1AI score0.00488EPSS
Exploits0
CVE
CVE
added 2022/09/29 2:15 p.m.75 views

CVE-2022-39252

CVE-2022-39252 affects matrix-rust-sdk (and matrix-sdk-crypto). Before 0.6, forwarded room keys could be accepted without verifying the origin device, enabling a homeserver to insert keys of questionable validity and potentially mount an impersonation attack. The issue is fixed in version 0.6. Re...

8.6CVSS7.9AI score0.00488EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/29 2:15 p.m.6 views

CVE-2022-39252 When matrix-rust-sdk recieves forwarded room keys, the reciever doesn't check if it requested the key from the forwarder

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

8.6CVSS8.5AI score0.00488EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2022/09/29 12:0 p.m.5 views

alerter (>=0.3.0 <=0.3.1), maruc (=0.1.0) +9 more potentially affected by CVE-2022-39252 via matrix-sdk-crypto (>=0.1.0 <=0.5.0)

matrix-sdk-crypto CARGO version =0.1.0, =0.3.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.10-alpha, =0.13.0, =0.13.1 Source cves: CVE-2022-39252 Source advisory: OSV:RUSTSEC-2022-0085...

8.6CVSS7.1AI score0.00488EPSS
Exploits0
Rows per page
Query Builder