Medium severity4.3NVD Advisory· Published Jan 7, 2025· Updated Apr 15, 2026

CVE-2024-52813

Description

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. matrix-sdk-crypto 0.8.0 adds a new VerificationLevel::VerificationViolation enum variant which indicates that a previously verified identity has been changed.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
matrix-sdk-cryptocrates.io	< 0.8.0	0.8.0

Patches

0b16d488adc6

https://github.com/matrix-org/matrix-rust-sdkvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-r5vf-wf4h-82ggghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-52813ghsaADVISORY
github.com/matrix-org/matrix-rust-sdk/pull/3795nvdWEB
github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-r5vf-wf4h-82ggnvdWEB
rustsec.org/advisories/RUSTSEC-2024-0434.htmlghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000