Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2022-39252
HistorySep 29, 2022 - 3:15 p.m.

Code injection

2022-09-2915:15:00
PRIOn knowledge base
www.prio-n.com
4
matrix client-server library
rust
matrix-sdk-crypto
encryption
impersonation attack

0.001 Low

EPSS

Percentile

37.8%

JSON

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.6 fixes this issue.

CPENameOperatorVersion
matrix-rust-sdklt0.6

Related

cvelist 1
github 1
rustsec 1
nvd 1
osv 3
cve 1
cvelist
cvelist
CVE-2022-39252 When matrix-rust-sdk recieves forwarded room keys, the reciever doesn't check if it requested the key from the forwarder
2022-09-29 14:15:14
github
github
matrix-sdk-crypto contains potential impersonation via room key forward responses
2022-09-30 22:51:57
rustsec
rustsec
matrix-sdk Impersonation of room keys
2022-09-29 12:00:00
nvd
nvd
CVE-2022-39252
2022-09-29 15:15:10
osv
osv
CVE-2022-39252
2022-09-29 15:15:10
matrix-sdk Impersonation of room keys
2022-09-29 12:00:00
matrix-sdk-crypto contains potential impersonation via room key forward responses
2022-09-30 22:51:57
cve
cve
CVE-2022-39252
2022-09-29 15:15:10

0.001 Low

EPSS

Percentile

37.8%

JSON
Related for PRION:CVE-2022-39252
cvelist1github1rustsec1nvd1osv3cve1