Description

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the 'leaveRoomChain()' method, so leaving a room will also trigger the bug. This was patched in matrix-js-sdk 34.3.1.

INFO

Published Date :

2024-08-20T14:37:19.226Z

Last Modified :

2024-09-03T17:06:42.231Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-42369 vulnerability.

Vendors Products
Matrix
  • Javascript Sdk
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-42369.

URL Resource
https://github.com/matrix-org/matrix-js-sdk/commit/a0efed8b881b3db6c9f2c71d6a6e74c2828978c6 cve-icon cve-icon
https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-vhr5-g3pm-49fm cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact