Lucene search
K

19 matches found

Github Security Blog
Github Security Blog
added 2025/09/11 9:23 p.m.7 views

matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method

In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min. Patches The issue is fixed in matrix-sdk-base 0.14.1. Workarounds The affected method isn’t used internally, so avoiding calling...

6.9CVSS6.8AI score0.00374EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/09/11 9:23 p.m.4 views

GHSA-QHJ8-Q5R6-8Q6J matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method

In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min. Patches The issue is fixed in matrix-sdk-base 0.14.1. Workarounds The affected method isn’t used internally, so avoiding calling...

6.9CVSS6.8AI score0.00374EPSS
Exploits0References7
CVE
CVE
added 2025/09/11 6:3 p.m.20 views

CVE-2025-59047

matrix-sdk-base (pre-0.14.1) has a panic in RoomMember::normalized_power_level() when a member’s power level is Int::Min. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t used internally, so avoiding calls to RoomMember::normalized_power_level() can prevent the panic; upgra...

6.9CVSS6.4AI score0.00374EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/11 6:3 p.m.10 views

CVE-2025-59047 matrix-sdk-base has panic in the `RoomMember::normalized_power_level()` method

matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t...

6.9CVSS0.00374EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/11 6:3 p.m.2 views

CVE-2025-59047 matrix-sdk-base has panic in the `RoomMember::normalized_power_level()` method

matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t...

6.9CVSS6.4AI score0.00374EPSS
Exploits0References4
OSV
OSV
added 2025/09/11 6:3 p.m.6 views

CVE-2025-59047 matrix-sdk-base has panic in the `RoomMember::normalized_power_level()` method

matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t...

6.9CVSS6.5AI score0.00374EPSS
Exploits0References6
RustSec
RustSec
added 2025/09/11 12:0 p.m.5 views

matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method

In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min...

6.9CVSS6.9AI score0.00374EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2025/09/11 12:0 p.m.6 views

matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method

In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min...

6.9CVSS6.9AI score0.00374EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/09/11 12:0 p.m.5 views

RUSTSEC-2025-0065 matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method

In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min...

6.9CVSS6.9AI score0.00374EPSS
Exploits0References3
OSV
OSV
added 2025/09/11 12:0 p.m.5 views

RUSTSEC-2025-0000 matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method

In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min...

6.9CVSS6.9AI score0.00374EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/11 12:0 a.m.3 views

PT-2025-37250

Name of the Vulnerable Software and Affected Versions: matrix-sdk-base versions prior to 0.14.1 Description: A panic can occur when calling the RoomMember::normalized power level method if a room member has a power level of Int::Min. Recommendations: Update to version 0.14.1 or later...

6.9CVSS6.5AI score0.00374EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-26890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote...

7.5CVSS7.4AI score0.02967EPSS
Exploits0References2
NVD
NVD
added 2024/11/12 5:15 p.m.39 views

CVE-2024-50336

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...

5.3CVSS0.00835EPSS
Exploits0References3
CVE
CVE
added 2024/11/12 4:38 p.m.135 views

CVE-2024-50336

CVE-2024-50336 affects matrix-js-sdk up to version 34.11.0 and allows client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients to issue arbitrary authenticated GET requests to the user’s homeserver. The issue is fixed in matrix-js-sdk 34.11.1. Affected product:...

5.3CVSS6.5AI score0.00835EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:53 a.m.3 views

SUSE CVE-2020-26890

Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into th...

7.5CVSS7.5AI score0.02967EPSS
Exploits0References3
OSV
OSV
added 2021/08/31 5:15 p.m.1 views

DEBIAN-CVE-2021-39164

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...

3.1CVSS6.8AI score0.01457EPSS
Exploits0References1
NVD
NVD
added 2020/11/24 3:15 a.m.12 views

CVE-2020-26890

Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into th...

7.5CVSS7.5AI score0.02967EPSS
Exploits0References3
OSV
OSV
added 2020/11/24 3:15 a.m.1 views

DEBIAN-CVE-2020-26890

Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into th...

7.5CVSS7.1AI score0.02967EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/11/23 12:0 a.m.13 views

Matrix Synapse Injection Vulnerability

Matrix Synapse is a Matrix Management Server implementation from the Matrix.org Foundation in the UK. A security vulnerability exists in Matrix Synapse versions prior to 1.20.0 that allows the use of non-standard NaN, Infinity, and -Infinity JSON values in the fields of the m.room.member event,...

7.5CVSS7.1AI score0.02967EPSS
Exploits0References5
Rows per page
Query Builder