2 matches found
CVE-2022-39252
CVE-2022-39252 affects matrix-rust-sdk (and matrix-sdk-crypto). Before 0.6, forwarded room keys could be accepted without verifying the origin device, enabling a homeserver to insert keys of questionable validity and potentially mount an impersonation attack. The issue is fixed in version 0.6. Re...
CVE-2025-66622
Affected software: matrix-sdk-base (base component for Matrix Rust SDK). Vulnerability: Versions 0.14.1 and earlier cannot handle responses with custom m.room.join_rules values due to a serialization bug, which can cause a denial-of-service by stalling the crate’s sync process when invited to a r...