Add CVE-2025-66622 for matrix-sdk-base

Damir Jelić
2025-12-08 12:44:36 +01:00
committed by Dirkjan Ochtman
parent 30472d9594
commit 3cb5be8c9c

@@ -0,0 +1,22 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "matrix-sdk-base"
date = "2025-12-08"
url = "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-jj6p-3m75-g2p3"
aliases = ["CVE-2025-66622", "GHSA-jj6p-3m75-g2p3"]
categories = ["denial-of-service"]
[versions]
patched = [">= 0.16.0"]
```
# matrix-sdk-base: Denial of service due to custom `m.room.join_rules` events
The matrix-sdk-base crate is unable to handle responses that include custom
m.room.join_rules values due to a serialization bug.
This can be exploited to cause a denial-of-service condition, if a user is
invited to a room with non-standard join rules, the crate's sync process will
stall, preventing further processing for all rooms.
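
Review bot: the `[versions]` table lists only `patched = [">= 0.16.0"]` with no `unaffected` entry, so every release of matrix-sdk-base below 0.16.0 will be reported as vulnerable. If the join-rules handling bug was introduced in a specific release, add an `unaffected` range for the earlier versions so that audit tooling does not flag them. In the description, the sentence starting "This can be exploited to cause a denial-of-service condition, if a user is" is a comma splice; splitting it after "condition" would make the trigger (an invite to a room with non-standard join rules) and the impact (sync stalls for all rooms) read as separate statements. The body could also put `m.room.join_rules` in backticks to match the title.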