CVE-2024-42369

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the 'leaveRoomChain()' method, so leaving a room will also trigger the bug. This was patched in matrix-js-sdk 34.3.1.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42369.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-674"
    ]
}

References

Affected packages

Git / github.com/matrix-org/matrix-js-sdk

Affected ranges

Type: GIT
Repo: https://github.com/matrix-org/matrix-js-sdk
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

340bbe1a8fae05a514ac133e6e9b549326854957

Affected versions

Other

no-media-devices-release

v0.*

v0.1.0

v0.1.1

v0.10.2

v0.10.2-rc.1

v0.10.3

v0.10.3-rc.1

v0.10.5

v0.10.5-rc.1

v0.10.7

v0.10.7-rc.1

v0.11.0

v0.11.0-rc.1

v0.2.0

v0.2.1

v0.2.2

v0.4.1

v0.4.2

v0.5.0

v0.5.1

v0.5.2

v0.5.3

v0.5.4

v0.5.5

v0.5.6

v0.6.0-rc1

v0.6.0-rc2

v0.6.1

v0.6.2

v0.6.4

v0.6.4-rc.2

v0.7.1-rc.1

v0.7.10

v0.7.2

v0.7.4

v0.7.4-rc.1

v0.7.9

v0.8.0

v0.8.1

v0.8.1-rc.1

v0.8.2

v0.8.3

v0.8.3-rc.1

v1.*

v1.0.0

v1.0.0-rc.1

v1.0.0-rc.2

v2.*

v2.0.1

v2.0.1-rc.1

v2.0.1-rc.2

v2.4.1

v26.*

v26.1.0-patch.1

v26.2.0-no-media-devices-hotfix

v30.*

v30.1.0-rc.0

v30.1.0-rc.1

v30.2.0-rc.0

v31.*

v31.2.0-rc.0

v34.*

v34.2.0

v34.3.0

v34.3.0-rc.0

v34.3.0-rc.1

v5.*

v5.0.1

v7.*

v7.1.0

v7.1.0-rc.1

v8.*

v8.0.0

v8.1.0

v8.1.0-rc.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42369.json"