When matrix-rust-sdk recieves forwarded room keys, the reciever doesn't check if it requested the key from the forwarder
CVE-2022-39252

8.6HIGH

Key Information:

Vendor: Matrix-org
Status: Matrix-rust-sdk
Vendor: CVE Published:; 29 September 2022

What is CVE-2022-39252?

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.6 fixes this issue.

Affected Version(s)

matrix-rust-sdk < 0.6

References

https://github.com/matrix-org/matrix-rust-sdk/security/ad...

x_refsource_CONFIRM

https://github.com/matrix-org/matrix-rust-sdk/commit/093f...

x_refsource_MISC

https://github.com/matrix-org/matrix-rust-sdk/commit/4144...

x_refsource_MISC

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 29, 2022
Vulnerability Reserved
Sep 2, 2022

Matrix-org

What is CVE-2022-39252?

Affected Version(s)

References

CVSS V3.1

Timeline