rpm package
opensuse/fractal&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/fractal&distro=openSUSE%20Tumbleweed
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-55159 | Med | — | < 12.0-3.1 | 12.0-3.1 | Aug 11, 2025 | slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the get_disjoint_mut method incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potentia | |
| CVE-2025-53549 | Med | — | < 12.beta+14-1.1 | 12.beta+14-1.1 | Jul 10, 2025 | The Matrix Rust SDK is a collection of libraries that make it easier to build Matrix clients in Rust. An SQL injection vulnerability in the EventCache::find_event_with_relations method of matrix-sdk 0.11 and 0.12 allows malicious room members to execute arbitrary SQL commands in | |
| CVE-2025-48937 | Med | 4.9 | < 11.2-1.1 | 11.2-1.1 | Jun 10, 2025 | matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, m |
- affected < 12.0-3.1fixed 12.0-3.1
slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the get_disjoint_mut method incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potentia
- affected < 12.beta+14-1.1fixed 12.beta+14-1.1
The Matrix Rust SDK is a collection of libraries that make it easier to build Matrix clients in Rust. An SQL injection vulnerability in the EventCache::find_event_with_relations method of matrix-sdk 0.11 and 0.12 allows malicious room members to execute arbitrary SQL commands in
- affected < 11.2-1.1fixed 11.2-1.1
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, m