131 matches found
PT-2025-29132 · Unknown · Matrix-Sdk
Name of the Vulnerable Software and Affected Versions: matrix-sdk versions 0.11 through 0.12 Description: An SQL injection vulnerability exists in the EventCache::find event with relations method. This allows malicious room members to execute arbitrary SQL commands in Matrix clients that directly...
matrix-sdk-crypto vulnerable to encrypted event sender spoofing by homeserver administrator
matrix-sdk-crypto versions 0.8.0 up to and including 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. Although th...
RUSTSEC-2025-0041 matrix-sdk-crypto vulnerable to encrypted event sender spoofing by homeserver administrator
matrix-sdk-crypto versions 0.8.0 up to and including 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. Although th...
SUSE CVE-2025-48937
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those event...
GHSA-X958-RVG6-956W matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator
Summary matrix-sdk-crypto since version 0.8.0 up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. Although the...
matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator
Summary matrix-sdk-crypto since version 0.8.0 up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. Although the...
CVE-2025-48937 matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those event...
CVE-2025-48937
The CVE-2025-48937 issue affects matrix-sdk-crypto (part of matrix-rust-sdk). Versions 0.8.0 through 0.11.0 do not properly validate the sender of an encrypted event, allowing a malicious homeserver operator to modify encrypted events served to clients so that recipients see them as from another ...
CVE-2024-52813
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applicatio...
CVE-2024-40648
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. The UserIdentity::isverified method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check and may as a result retur...
CVE-2023-28103
matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and...
CVE-2022-36060
matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...
CVE-2022-39246
matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others...
CVE-2022-39248
matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...
SUSE CVE-2024-52813
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applicatio...
GHSA-R5VF-WF4H-82GG matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity
Impact Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. Patches matrix-sdk-crypto...
alerter (>=0.3.0 <=0.3.1), maruc (=0.1.0) +9 more potentially affected by CVE-2024-52813 via matrix-sdk-crypto (>=0.1.0 <=0.5.0)
matrix-sdk-crypto CARGO version =0.1.0, =0.3.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.10-alpha, =0.13.0, =0.13.1 Source cves: CVE-2024-52813 Source advisory: OSV:GHSA-R5VF-WF4H-82GG...
matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity
Impact Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. Patches matrix-sdk-crypto...
CVE-2024-52813 matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applicatio...
CVE-2024-52813 matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applicatio...