- Reported
-
- Issued
-
- Package
-
matrix-sdk-base
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Aliases
-
- References
-
- Patched
-
Description
The matrix-sdk-base crate is unable to handle responses that include custom
m.room.join_rules values due to a serialization bug.
This can be exploited to cause a denial-of-service condition, if a user is
invited to a room with non-standard join rules, the crate's sync process will
stall, preventing further processing for all rooms.
Advisory available under CC0-1.0
license.