CVE-2022-39246

matrix-android-sdk2 (Android Matrix SDK) before version 1.5.1 is vulnerable: an attacker collaborating with a malicious homeserver can craft messages that appear from another user due to an overly permissive key-forwarding policy. Starting with 1.5.1, the default key-forwarding policy is stricter...

CVE-2022-39255

Summary (CVE-2022-39255): The Matrix iOS SDK (prior to 0.23.19) is vulnerable to protocol confusion between Megolm and Olm for to-device messages. An attacker collaborating with a malicious homeserver can craft messages that appear to come from another user, enabling impersonation and targeted at...

CVE-2022-39248

Summary (Mode C): CVE-2022-39248 affects matrix-android-sdk2 prior to 1.5.1. A protocol confusion vulnerability permits an attacker cooperating with a malicious homeserver to craft to-device messages that appear to originate from another user, bypassing indicators like a grey shield. In a targete...

CVE-2022-39257

The CVE concerns Matrix iOS SDK prior to 0.23.19, where a too-permissive key forwarding policy allows an attacker coordinating with a malicious homeserver to create messages that appear to come from another user. The SDK now enforces stricter forwarding: forwarded keys are accepted only in respon...