CVE-2022-39252 HIGH

CVE-2022-39252: When matrix-rust-sdk receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder

Vendor Matrix-Org
Product matrix-rust-sdk
Weakness CWE-322
Published September 29, 2022
Last update April 23, 2025

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Changed
Confidentiality None
Integrity High
Availability None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

What the vulnerability does

01 Description

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is its Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user then receives a forwarded room key (an m.forwarded_room_key event), the software accepts it without checking who the key came from, or whether that key had been requested at all. A homeserver cannot forge the Olm-authenticated sender of such an event, but it controls which devices' messages reach the client, so it can deliver a forwarded key from any device willing to supply one. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack: messages encrypted under an attacker-supplied session would be decrypted and attributed to whichever sender that session claims. Version 0.6 fixes this issue by checking that a forwarded room key answers a request the receiver actually sent to the forwarding device.
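The check that was missing, shown as an added example in Rust rather than matrix-rust-sdk's own code: a minimal receiver that remembers which devices each room-key request went to, then stores a forwarded key only when it answers such a request and comes from one of those devices. The type names (DeviceId, SessionKey, ForwardedRoomKey, KeyStore, Reject) are inventions for this example, the session bytes are a constructed placeholder, and consuming the request once it is fulfilled is a design choice made here, not a claim about how the SDK itself behaves.

```rust
use std::collections::{HashMap, HashSet};

/// A Matrix device, identified by its owner and device id.
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
pub struct DeviceId {
    pub user: String,
    pub device: String,
}

/// One Megolm session: the room it belongs to plus its session id.
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
pub struct SessionKey {
    pub room_id: String,
    pub session_id: String,
}

/// An m.forwarded_room_key after its Olm envelope has been opened.
/// Olm authenticates `sender`, so the homeserver cannot forge it; what the
/// homeserver controls is which devices' events reach us at all.
#[derive(Clone, Debug)]
pub struct ForwardedRoomKey {
    pub sender: DeviceId,
    pub key: SessionKey,
    /// Exported Megolm session; opaque bytes in this example.
    pub session_key: Vec<u8>,
}

/// Why a forwarded key was refused by the hardened path.
#[derive(Debug, PartialEq, Eq)]
pub enum Reject {
    /// We never asked anyone for this session.
    NotRequested,
    /// We asked for it, but not from the device that sent it.
    UnexpectedForwarder,
}

/// Receiver-side state: outstanding key requests (which the vulnerable
/// versions already tracked correctly) and the inbound sessions we hold.
#[derive(Default)]
pub struct KeyStore {
    requests: HashMap<SessionKey, HashSet<DeviceId>>,
    sessions: HashMap<SessionKey, Vec<u8>>,
}

impl KeyStore {
    /// Record that an m.room_key_request for `key` was sent to device `to`.
    pub fn request_key(&mut self, key: SessionKey, to: DeviceId) {
        self.requests.entry(key).or_default().insert(to);
    }

    pub fn has_session(&self, key: &SessionKey) -> bool {
        self.sessions.contains_key(key)
    }

    /// Pre-0.6 behaviour (CVE-2022-39252): the key is stored without asking
    /// whether it was requested, or from whom.
    pub fn accept_forwarded_key_vulnerable(&mut self, fwd: ForwardedRoomKey) {
        self.sessions.insert(fwd.key, fwd.session_key);
    }

    /// Hardened behaviour: accept only if this exact session has an
    /// outstanding request and the forwarder is a device that request went
    /// to. The request is then consumed, so a second copy is refused.
    pub fn accept_forwarded_key_checked(
        &mut self,
        fwd: ForwardedRoomKey,
    ) -> Result<(), Reject> {
        let asked = self.requests.get(&fwd.key).ok_or(Reject::NotRequested)?;
        if !asked.contains(&fwd.sender) {
            return Err(Reject::UnexpectedForwarder);
        }
        self.requests.remove(&fwd.key);
        self.sessions.insert(fwd.key, fwd.session_key);
        Ok(())
    }
}

fn main() {
    // Constructed scenario: Alice asked her own phone for a session; the
    // homeserver instead relays a forwarded key from an attacker's device.
    let key = SessionKey { room_id: "!room:example.org".into(), session_id: "S1".into() };
    let phone = DeviceId { user: "@alice:example.org".into(), device: "PHONE".into() };
    let evil = DeviceId { user: "@mallory:example.org".into(), device: "EVIL".into() };

    let mut store = KeyStore::default();
    store.request_key(key.clone(), phone);
    let from_evil = ForwardedRoomKey { sender: evil, key, session_key: vec![0xAA; 4] };
    println!("{:?}", store.accept_forwarded_key_checked(from_evil));
}
```

The vulnerable path would have stored Mallory's session and decrypted her later messages as if they came from the session's claimed sender; the hardened path refuses it as UnexpectedForwarder, and refuses any key for a session that was never requested as NotRequested.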

Key dates

02 Disclosure timeline

September 29, 2022 CVE published
April 23, 2025 Record updated