cvelistv5 - cve-2024-42369

CVE-2024-42369 (GCVE-0-2024-42369)

Vulnerability from cvelistv5 – Published: 2024-08-20 14:37 – Updated: 2024-09-03 17:06

Summary

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the 'leaveRoomChain()' method, so leaving a room will also trigger the bug. This was patched in matrix-js-sdk 34.3.1.

Severity ?

4.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L

CWE

CWE-674 - Uncontrolled Recursion

Assigner

GitHub_M

References

URL

Tags

	https://github.com/matrix-org/matrix-js-sdk/secur…	x_refsource_CONFIRM
	https://github.com/matrix-org/matrix-js-sdk/commi…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	matrix-org	matrix-js-sdk	Affected: < 34.3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42369",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-21T14:41:11.504953Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-03T17:06:42.231Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "matrix-js-sdk",
          "vendor": "matrix-org",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 34.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk\u0027s getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the \u0027leaveRoomChain()\u0027 method, so leaving a room will also trigger the bug. This was patched in matrix-js-sdk 34.3.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-20T14:37:19.226Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-vhr5-g3pm-49fm",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-vhr5-g3pm-49fm"
        },
        {
          "name": "https://github.com/matrix-org/matrix-js-sdk/commit/a0efed8b881b3db6c9f2c71d6a6e74c2828978c6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/matrix-org/matrix-js-sdk/commit/a0efed8b881b3db6c9f2c71d6a6e74c2828978c6"
        }
      ],
      "source": {
        "advisory": "GHSA-vhr5-g3pm-49fm",
        "discovery": "UNKNOWN"
      },
      "title": "A room with itself as a its predecessor will freeze matrix-js-sdk"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-42369",
    "datePublished": "2024-08-20T14:37:19.226Z",
    "dateReserved": "2024-07-30T14:01:33.923Z",
    "dateUpdated": "2024-09-03T17:06:42.231Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matrix:javascript_sdk:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"34.3.1\", \"matchCriteriaId\": \"C489179C-DCFC-4A63-B66D-7AD76CCD6663\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk\u0027s getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the \u0027leaveRoomChain()\u0027 method, so leaving a room will also trigger the bug. This was patched in matrix-js-sdk 34.3.1.\"}, {\"lang\": \"es\", \"value\": \"Matrix-js-sdk es un SDK cliente-servidor del protocolo de mensajer\\u00eda Matrix para JavaScript. Un servidor dom\\u00e9stico malicioso puede crear una sala o una estructura de sala tal que los predecesores formen un ciclo. La funci\\u00f3n getRoomUpgradeHistory de Matrix-js-sdk se repetir\\u00e1 infinitamente en este caso, lo que provocar\\u00e1 que el c\\u00f3digo se cuelgue. Este m\\u00e9todo es p\\u00fablico pero tambi\\u00e9n lo llama el m\\u00e9todo \u0027leaveRoomChain()\u0027, por lo que salir de una habitaci\\u00f3n tambi\\u00e9n activar\\u00e1 el error. Esto fue parcheado en Matrix-js-sdk 34.3.1.\"}]",
      "id": "CVE-2024-42369",
      "lastModified": "2024-08-21T16:01:03.147",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L\", \"baseScore\": 4.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
      "published": "2024-08-20T15:15:21.540",
      "references": "[{\"url\": \"https://github.com/matrix-org/matrix-js-sdk/commit/a0efed8b881b3db6c9f2c71d6a6e74c2828978c6\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-vhr5-g3pm-49fm\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-674\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-674\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-42369\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-08-20T15:15:21.540\",\"lastModified\":\"2024-08-21T16:01:03.147\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk\u0027s getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the \u0027leaveRoomChain()\u0027 method, so leaving a room will also trigger the bug. This was patched in matrix-js-sdk 34.3.1.\"},{\"lang\":\"es\",\"value\":\"Matrix-js-sdk es un SDK cliente-servidor del protocolo de mensajer\u00eda Matrix para JavaScript. Un servidor dom\u00e9stico malicioso puede crear una sala o una estructura de sala tal que los predecesores formen un ciclo. La funci\u00f3n getRoomUpgradeHistory de Matrix-js-sdk se repetir\u00e1 infinitamente en este caso, lo que provocar\u00e1 que el c\u00f3digo se cuelgue. Este m\u00e9todo es p\u00fablico pero tambi\u00e9n lo llama el m\u00e9todo \u0027leaveRoomChain()\u0027, por lo que salir de una habitaci\u00f3n tambi\u00e9n activar\u00e1 el error. Esto fue parcheado en Matrix-js-sdk 34.3.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L\",\"baseScore\":4.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.3,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matrix:javascript_sdk:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"34.3.1\",\"matchCriteriaId\":\"C489179C-DCFC-4A63-B66D-7AD76CCD6663\"}]}]}],\"references\":[{\"url\":\"https://github.com/matrix-org/matrix-js-sdk/commit/a0efed8b881b3db6c9f2c71d6a6e74c2828978c6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-vhr5-g3pm-49fm\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-42369\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-21T14:41:11.504953Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-03T17:06:37.900Z\"}}], \"cna\": {\"title\": \"A room with itself as a its predecessor will freeze matrix-js-sdk\", \"source\": {\"advisory\": \"GHSA-vhr5-g3pm-49fm\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 4.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"matrix-org\", \"product\": \"matrix-js-sdk\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 34.3.1\"}]}], \"references\": [{\"url\": \"https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-vhr5-g3pm-49fm\", \"name\": \"https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-vhr5-g3pm-49fm\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/matrix-org/matrix-js-sdk/commit/a0efed8b881b3db6c9f2c71d6a6e74c2828978c6\", \"name\": \"https://github.com/matrix-org/matrix-js-sdk/commit/a0efed8b881b3db6c9f2c71d6a6e74c2828978c6\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk\u0027s getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the \u0027leaveRoomChain()\u0027 method, so leaving a room will also trigger the bug. This was patched in matrix-js-sdk 34.3.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-674\", \"description\": \"CWE-674: Uncontrolled Recursion\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-08-20T14:37:19.226Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-42369\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-03T17:06:42.231Z\", \"dateReserved\": \"2024-07-30T14:01:33.923Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-08-20T14:37:19.226Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2024-42369

Vulnerability from fkie_nvd - Published: 2024-08-20 15:15 - Updated: 2024-08-21 16:01

Severity ?

4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/matrix-org/matrix-js-sdk/commit/a0efed8b881b3db6c9f2c71d6a6e74c2828978c6	Patch
	security-advisories@github.com	https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-vhr5-g3pm-49fm	Vendor Advisory

Impacted products

	Vendor	Product	Version
	matrix	javascript_sdk	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:matrix:javascript_sdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C489179C-DCFC-4A63-B66D-7AD76CCD6663",
              "versionEndExcluding": "34.3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk\u0027s getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the \u0027leaveRoomChain()\u0027 method, so leaving a room will also trigger the bug. This was patched in matrix-js-sdk 34.3.1."
    },
    {
      "lang": "es",
      "value": "Matrix-js-sdk es un SDK cliente-servidor del protocolo de mensajer\u00eda Matrix para JavaScript. Un servidor dom\u00e9stico malicioso puede crear una sala o una estructura de sala tal que los predecesores formen un ciclo. La funci\u00f3n getRoomUpgradeHistory de Matrix-js-sdk se repetir\u00e1 infinitamente en este caso, lo que provocar\u00e1 que el c\u00f3digo se cuelgue. Este m\u00e9todo es p\u00fablico pero tambi\u00e9n lo llama el m\u00e9todo \u0027leaveRoomChain()\u0027, por lo que salir de una habitaci\u00f3n tambi\u00e9n activar\u00e1 el error. Esto fue parcheado en Matrix-js-sdk 34.3.1."
    }
  ],
  "id": "CVE-2024-42369",
  "lastModified": "2024-08-21T16:01:03.147",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 1.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-20T15:15:21.540",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/matrix-org/matrix-js-sdk/commit/a0efed8b881b3db6c9f2c71d6a6e74c2828978c6"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-vhr5-g3pm-49fm"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-674"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-674"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

OPENSUSE-SU-2024:14289-1

Vulnerability from csaf_opensuse - Published: 2024-08-27 00:00 - Updated: 2024-08-27 00:00

Summary

element-web-1.11.75-1.1 on GA media

Notes

Title of the patch

element-web-1.11.75-1.1 on GA media

Description of the patch

These are all security issues fixed in the element-web-1.11.75-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-14289

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "element-web-1.11.75-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the element-web-1.11.75-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-14289",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14289-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-42369 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-42369/"
      }
    ],
    "title": "element-web-1.11.75-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-08-27T00:00:00Z",
      "generator": {
        "date": "2024-08-27T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:14289-1",
      "initial_release_date": "2024-08-27T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-08-27T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "element-web-1.11.75-1.1.aarch64",
                "product": {
                  "name": "element-web-1.11.75-1.1.aarch64",
                  "product_id": "element-web-1.11.75-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "element-web-1.11.75-1.1.ppc64le",
                "product": {
                  "name": "element-web-1.11.75-1.1.ppc64le",
                  "product_id": "element-web-1.11.75-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "element-web-1.11.75-1.1.s390x",
                "product": {
                  "name": "element-web-1.11.75-1.1.s390x",
                  "product_id": "element-web-1.11.75-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "element-web-1.11.75-1.1.x86_64",
                "product": {
                  "name": "element-web-1.11.75-1.1.x86_64",
                  "product_id": "element-web-1.11.75-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "element-web-1.11.75-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:element-web-1.11.75-1.1.aarch64"
        },
        "product_reference": "element-web-1.11.75-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "element-web-1.11.75-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:element-web-1.11.75-1.1.ppc64le"
        },
        "product_reference": "element-web-1.11.75-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "element-web-1.11.75-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:element-web-1.11.75-1.1.s390x"
        },
        "product_reference": "element-web-1.11.75-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "element-web-1.11.75-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:element-web-1.11.75-1.1.x86_64"
        },
        "product_reference": "element-web-1.11.75-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-42369",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-42369"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk\u0027s getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the \u0027leaveRoomChain()\u0027 method, so leaving a room will also trigger the bug. This was patched in matrix-js-sdk 34.3.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:element-web-1.11.75-1.1.aarch64",
          "openSUSE Tumbleweed:element-web-1.11.75-1.1.ppc64le",
          "openSUSE Tumbleweed:element-web-1.11.75-1.1.s390x",
          "openSUSE Tumbleweed:element-web-1.11.75-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-42369",
          "url": "https://www.suse.com/security/cve/CVE-2024-42369"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:element-web-1.11.75-1.1.aarch64",
            "openSUSE Tumbleweed:element-web-1.11.75-1.1.ppc64le",
            "openSUSE Tumbleweed:element-web-1.11.75-1.1.s390x",
            "openSUSE Tumbleweed:element-web-1.11.75-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:element-web-1.11.75-1.1.aarch64",
            "openSUSE Tumbleweed:element-web-1.11.75-1.1.ppc64le",
            "openSUSE Tumbleweed:element-web-1.11.75-1.1.s390x",
            "openSUSE Tumbleweed:element-web-1.11.75-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-08-27T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-42369"
    }
  ]
}

OPENSUSE-SU-2024:14288-1

Vulnerability from csaf_opensuse - Published: 2024-08-27 00:00 - Updated: 2024-08-27 00:00

Summary

element-desktop-1.11.75-1.1 on GA media

Notes

Title of the patch

element-desktop-1.11.75-1.1 on GA media

Description of the patch

These are all security issues fixed in the element-desktop-1.11.75-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-14288

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "element-desktop-1.11.75-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the element-desktop-1.11.75-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-14288",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14288-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-42369 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-42369/"
      }
    ],
    "title": "element-desktop-1.11.75-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-08-27T00:00:00Z",
      "generator": {
        "date": "2024-08-27T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:14288-1",
      "initial_release_date": "2024-08-27T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-08-27T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "element-desktop-1.11.75-1.1.aarch64",
                "product": {
                  "name": "element-desktop-1.11.75-1.1.aarch64",
                  "product_id": "element-desktop-1.11.75-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "element-desktop-1.11.75-1.1.ppc64le",
                "product": {
                  "name": "element-desktop-1.11.75-1.1.ppc64le",
                  "product_id": "element-desktop-1.11.75-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "element-desktop-1.11.75-1.1.s390x",
                "product": {
                  "name": "element-desktop-1.11.75-1.1.s390x",
                  "product_id": "element-desktop-1.11.75-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "element-desktop-1.11.75-1.1.x86_64",
                "product": {
                  "name": "element-desktop-1.11.75-1.1.x86_64",
                  "product_id": "element-desktop-1.11.75-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "element-desktop-1.11.75-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:element-desktop-1.11.75-1.1.aarch64"
        },
        "product_reference": "element-desktop-1.11.75-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "element-desktop-1.11.75-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:element-desktop-1.11.75-1.1.ppc64le"
        },
        "product_reference": "element-desktop-1.11.75-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "element-desktop-1.11.75-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:element-desktop-1.11.75-1.1.s390x"
        },
        "product_reference": "element-desktop-1.11.75-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "element-desktop-1.11.75-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:element-desktop-1.11.75-1.1.x86_64"
        },
        "product_reference": "element-desktop-1.11.75-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-42369",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-42369"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk\u0027s getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the \u0027leaveRoomChain()\u0027 method, so leaving a room will also trigger the bug. This was patched in matrix-js-sdk 34.3.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:element-desktop-1.11.75-1.1.aarch64",
          "openSUSE Tumbleweed:element-desktop-1.11.75-1.1.ppc64le",
          "openSUSE Tumbleweed:element-desktop-1.11.75-1.1.s390x",
          "openSUSE Tumbleweed:element-desktop-1.11.75-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-42369",
          "url": "https://www.suse.com/security/cve/CVE-2024-42369"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:element-desktop-1.11.75-1.1.aarch64",
            "openSUSE Tumbleweed:element-desktop-1.11.75-1.1.ppc64le",
            "openSUSE Tumbleweed:element-desktop-1.11.75-1.1.s390x",
            "openSUSE Tumbleweed:element-desktop-1.11.75-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:element-desktop-1.11.75-1.1.aarch64",
            "openSUSE Tumbleweed:element-desktop-1.11.75-1.1.ppc64le",
            "openSUSE Tumbleweed:element-desktop-1.11.75-1.1.s390x",
            "openSUSE Tumbleweed:element-desktop-1.11.75-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-08-27T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-42369"
    }
  ]
}

GHSA-VHR5-G3PM-49FM

Vulnerability from github – Published: 2024-08-20 18:35 – Updated: 2024-08-20 18:35

Summary

matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor

Details

Impact

A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the 'leaveRoomChain()' method, so leaving a room will also trigger the bug.

Even if the CVSS score would be 4.1 (AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L) we classify this as High severity issue.

Patches

This was patched in matrix-js-sdk 34.3.1.

Workarounds

Sanity check rooms before passing them to the matrix-js-sdk or avoid calling either getRoomUpgradeHistory or leaveRoomChain.

References

N/A.

Severity ?

4.1 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L

5.1 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "matrix-js-sdk"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "34.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-42369"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-20T18:35:27Z",
    "nvd_published_at": "2024-08-20T15:15:21Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nA malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk\u0027s `getRoomUpgradeHistory` function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the \u0027leaveRoomChain()\u0027 method, so leaving a room will also trigger the bug.\n\nEven if the CVSS score would be 4.1 ([AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L\u0026version=3.1)) we classify this as High severity issue.\n\n### Patches\nThis was patched in matrix-js-sdk 34.3.1.\n\n### Workarounds\nSanity check rooms before passing them to the matrix-js-sdk or avoid calling either `getRoomUpgradeHistory` or `leaveRoomChain`.\n\n### References\nN/A.\n",
  "id": "GHSA-vhr5-g3pm-49fm",
  "modified": "2024-08-20T18:35:28Z",
  "published": "2024-08-20T18:35:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-vhr5-g3pm-49fm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42369"
    },
    {
      "type": "WEB",
      "url": "https://github.com/matrix-org/matrix-js-sdk/commit/a0efed8b881b3db6c9f2c71d6a6e74c2828978c6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/matrix-org/matrix-js-sdk"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-42369 (GCVE-0-2024-42369)

FKIE_CVE-2024-42369

OPENSUSE-SU-2024:14289-1

OPENSUSE-SU-2024:14288-1

GHSA-VHR5-G3PM-49FM

Impact

Patches

Workarounds

References

Tags

Sightings

Nomenclature