GHSA-r5vf-wf4h-82gg

GitHub Security Advisory

matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

### Impact

Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes.

### Patches

matrix-sdk-crypto 0.8.0 adds a new `VerificationLevel::VerificationViolation` enum variant which indicates that a previously verified identity has been changed.

### References

- Patch: https://github.com/matrix-org/matrix-rust-sdk/pull/3795

Affected Packages

crates.io matrix-sdk-crypto
Affected versions: 0 (fixed in 0.8.0)

Key Information

GHSA ID: GHSA-r5vf-wf4h-82gg
Published: January 7, 2025 3:25 PM
Last Modified: January 22, 2025 5:37 PM
CVSS Score: 5.0 / 10
Primary Ecosystem: crates.io
Primary Package: matrix-sdk-crypto
GitHub Reviewed: ✓ Yes

Dataset

Last updated: September 14, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.