# Advisory metadata for a denial-of-service issue in the matrix-sdk-base crate.
[advisory]
# NOTE(review): the all-zero ID looks like an unassigned placeholder; confirm
# the final RUSTSEC ID before referencing this advisory in tooling or reports.
id = "RUSTSEC-0000-0000"
# Crate the advisory applies to.
package = "matrix-sdk-base"
# Advisory date in YYYY-MM-DD form.
date = "2025-12-08"
# Upstream GitHub security advisory for this issue.
url = "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-jj6p-3m75-g2p3"
# Other identifiers that track the same issue (CVE and GHSA).
aliases = ["CVE-2025-66622", "GHSA-jj6p-3m75-g2p3"]
# Impact class: availability only.
categories = ["denial-of-service"]
[versions]
# Releases at or above 0.16.0 are listed as patched. No `unaffected` range is
# given, so presumably every earlier release should be treated as vulnerable;
# confirm against the upstream advisory.
patched = [">= 0.16.0"]
matrix-sdk-base: Denial of service due to custom m.room.join_rules events
The matrix-sdk-base crate is unable to handle responses that include custom m.room.join_rules values due to a serialization bug.
This can be exploited to cause a denial-of-service condition: if a user is invited to a room with non-standard join rules, the crate's sync process will stall, preventing further processing for all rooms. Versions 0.16.0 and later are listed as patched.