Lucene search
Veracode Vulnerability DatabaseVERACODE:37341HistorySep 29, 2022 - 8:48 p.m.
Message Impersonation
2022-09-2920:48:51
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
matrix sdk
vulnerability
message impersonation
malicious homeserver
specific person
0.001 Low
EPSS
Percentile
37.8%
Matrix SDK is vulnerable to message impersonation. An attacker with a malicious homeserver can construct messages appearing to have come from a specific person.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/matrix-org/matrix-ios-sdk | le | v0.23.18 | |
| matrixsdk | le | 0.23.18 | |
| github.com/matrix-org/matrix-ios-sdk | le | v0.23.18 | |
| matrixsdk | le | 0.23.18 |
References
github.com/matrix-org/matrix-ios-sdk/commit/5ca86c328a5faaab429c240551cb9ca8f0f6262c
github.com/matrix-org/matrix-ios-sdk/releases/tag/v0.23.19
github.com/matrix-org/matrix-ios-sdk/security/advisories/GHSA-hw6g-j8v6-9hcm
matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
Related
cve
cve
CVE-2022-39255
2022-09-28 21:15:13
prion
prion
Type confusion
2022-09-28 21:15:00
nvd
nvd
CVE-2022-39255
2022-09-28 21:15:13
osv
osv
CVE-2022-39255
2022-09-28 21:15:13
cvelist
cvelist
CVE-2022-39255 Matrix iOS SDK vulnerable ton Olm/Megolm protocol confusion
2022-09-28 20:35:10