19 matches found
matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method
In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min. Patches The issue is fixed in matrix-sdk-base 0.14.1. Workarounds The affected method isn’t used internally, so avoiding calling...
GHSA-QHJ8-Q5R6-8Q6J matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method
In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min. Patches The issue is fixed in matrix-sdk-base 0.14.1. Workarounds The affected method isn’t used internally, so avoiding calling...
CVE-2025-59047
matrix-sdk-base (pre-0.14.1) has a panic in RoomMember::normalized_power_level() when a member’s power level is Int::Min. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t used internally, so avoiding calls to RoomMember::normalized_power_level() can prevent the panic; upgra...
CVE-2025-59047 matrix-sdk-base has panic in the `RoomMember::normalized_power_level()` method
matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t...
CVE-2025-59047 matrix-sdk-base has panic in the `RoomMember::normalized_power_level()` method
matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t...
CVE-2025-59047 matrix-sdk-base has panic in the `RoomMember::normalized_power_level()` method
matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t...
matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method
In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min...
matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method
In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min...
RUSTSEC-2025-0065 matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method
In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min...
RUSTSEC-2025-0000 matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method
In matrix-sdk-base before 0.14.1, calling the RoomMember::normalizedpowerlevel method can cause a panic if a room member has a power level of Int::Min...
PT-2025-37250
Name of the Vulnerable Software and Affected Versions: matrix-sdk-base versions prior to 0.14.1 Description: A panic can occur when calling the RoomMember::normalized power level method if a room member has a power level of Int::Min. Recommendations: Update to version 0.14.1 or later...
Linux Distros Unpatched Vulnerability : CVE-2020-26890
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote...
CVE-2024-50336
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...
CVE-2024-50336
CVE-2024-50336 affects matrix-js-sdk up to version 34.11.0 and allows client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients to issue arbitrary authenticated GET requests to the user’s homeserver. The issue is fixed in matrix-js-sdk 34.11.1. Affected product:...
SUSE CVE-2020-26890
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into th...
DEBIAN-CVE-2021-39164
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...
CVE-2020-26890
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into th...
DEBIAN-CVE-2020-26890
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into th...
Matrix Synapse Injection Vulnerability
Matrix Synapse is a Matrix Management Server implementation from the Matrix.org Foundation in the UK. A security vulnerability exists in Matrix Synapse versions prior to 1.20.0 that allows the use of non-standard NaN, Infinity, and -Infinity JSON values in the fields of the m.room.member event,...