OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
31f2f2bb91dc9c7b673625cb0496bcbf319bbdae
advisory-db/crates/matrix-sdk-crypto/RUSTSEC-2022-0085.md
github-actions[bot] 6d67664d5c Assigned RUSTSEC-2022-0085 to matrix-sdk-crypto (#1561) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2023-02-02 22:35:31 +11:00

731 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2022-0085"
package = "matrix-sdk-crypto"
date = "2022-09-29"
url = "https://github.com/matrix-org/matrix-rust-sdk/commit/093fb5d0aa21c0b5eaea6ec96b477f1075271cbb"
references = ["https://github.com/matrix-org/matrix-rust-sdk/commit/41449d2cc360e347f5d4e1c154ec1e3185f11acd"]
aliases = ["CVE-2022-39252", "GHSA-vp68-2wrm-69qm"]
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"

[versions]
patched = [">= 0.6.0"]

matrix-sdk Impersonation of room keys

When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack.