CVE-2022-39248 matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...

PT-2021-22961 · Element +2 · Element Android +2

Name of the Vulnerable Software and Affected Versions: Element Android versions prior to 1.2.2 matrix-android-sdk2 aka Matrix SDK for Android versions prior to 1.2.2 Description: A logic error in the room key sharing functionality allows a malicious Matrix homeserver present in an encrypted room ...