CVE-2025-59047
2.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
Summary
matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the RoomMember::normalized_power_level() method can cause a panic if a room member has a power level of Int::Min. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t used internally, so avoiding calling RoomMember::normalized_power_level() prevents the panic.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| matrix-org | matrix-rust-sdk | < 0.14.1 | affected |
Weaknesses
- CWE-682: CWE-682: Incorrect Calculation
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-qhj8-q5r6-8q6j
- https://github.com/matrix-org/matrix-rust-sdk/pull/5635
- https://github.com/matrix-org/matrix-rust-sdk/commit/ce3b67f801446387972ff120e907ca828a9f1207
- https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-base-0.14.1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.