VYPR

Matrix Rust SDK

by Matrix Org

CVEs (10)

  • CVE-2024-34353 | Med | May 14, 2024
    risk 0.29 | cvss 5.5 | epss 0.00

    The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side `key backup` stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's…

  • CVE-2024-40648 | Med | Jul 18, 2024
    risk 0.28 | cvss 5.4 | epss 0.00

    matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. The `UserIdentity::is_verified()` method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check…

  • CVE-2025-53549 | Med | Jul 10, 2025
    risk 0.27 | cvss | epss 0.00

    The Matrix Rust SDK is a collection of libraries that make it easier to build Matrix clients in Rust. An SQL injection vulnerability in the EventCache::find_event_with_relations method of matrix-sdk 0.11 and 0.12 allows malicious room members to execute arbitrary SQL commands in…

  • CVE-2025-48937 | Med | Jun 10, 2025
    risk 0.25 | cvss 4.9 | epss 0.00

    matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients,…

  • CVE-2024-52813 | Med | Jan 7, 2025
    risk 0.21 | cvss 4.3 | epss 0.00

    matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause…

  • CVE-2025-59047 | Low | Sep 11, 2025
    risk 0.11 | cvss | epss 0.00

    matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `Int::Min`. The issue is fixed in matrix-sdk-base 0.14.1.…

  • CVE-2026-45057 | Jun 4, 2026
    risk 0.00 | cvss | epss 0.00

    Impact: The message edit validation logic in the `matrix-sdk-ui` crate before 0.16.1 is missing a check: when replacing an encrypted event, the replacement event itself is not required to be encrypted. This enables a malicious homeserver administrator (or an actor with…

  • CVE-2026-45056 | Jun 4, 2026
    risk 0.00 | cvss | epss 0.00

    Impact: The `matrix-sdk-crypto` crate before 0.16.1 is missing a check for the sender's user ID when decrypting an Olm-encrypted to-device message containing the `sender_device_keys` property. This could be exploited to spoof the sender of an encrypted to-device message,…

  • CVE-2025-66622 | Dec 9, 2025
    risk 0.00 | cvss | epss 0.00

    matrix-sdk-base is the base component to build a Matrix client library. Versions 0.14.1 and prior are unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is…

  • CVE-2022-39252 | Sep 29, 2022
    risk 0.00 | cvss | epss 0.00

    matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives…