RUSTSEC-2022-0085

Source
https://rustsec.org/advisories/
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2022-0085.json
Published
2022-09-29T12:00:00Z
Modified
2023-11-08T04:10:16.760388Z
Details

When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack.

Affected packages

crates.io / matrix-sdk-crypto

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.6.0

Ecosystem specific

{
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
    "informational": null,
    "categories": []
}