matrix-sdk-base: Denial of service due to custom m.room.join_rules events
Reported: December 8, 2025
Issued: December 8, 2025
Package: matrix-sdk-base (crates.io)
Type: Vulnerability
Categories: denial-of-service
Aliases: GHSA-jj6p-3m75-g2p3
References: https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-jj6p-3m75-g2p3
Patched: >=0.16.0
Description
The matrix-sdk-base crate is unable to handle responses that include custom m.room.join_rules values due to a serialization bug.
This can be exploited to cause a denial-of-service condition: if a user is invited to a room with non-standard join rules, the crate’s sync process will stall, preventing further processing for all rooms.
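To check whether a project still resolves to an unpatched release, the following added example (not code from the advisory or from matrix-rust-sdk) scans Cargo.lock text for matrix-sdk-base entries below the patched 0.16.0. It assumes every version below 0.16.0 is affected, since the advisory lists no unaffected range; the function names and the sample lockfile are constructed for illustration.

```rust
// Added example: report matrix-sdk-base lockfile entries older than the patched release.
const PATCHED: (u64, u64, u64) = (0, 16, 0); // "Patched: >=0.16.0" from the advisory

/// Parse "MAJOR.MINOR.PATCH[-pre][+build]" into its numeric core and a pre-release flag.
fn parse_version(v: &str) -> Option<((u64, u64, u64), bool)> {
    let no_build = v.split('+').next()?; // build metadata does not affect ordering
    let (core, pre) = match no_build.split_once('-') {
        Some((c, _)) => (c, true),
        None => (no_build, false),
    };
    let mut it = core.split('.').map(|p| p.parse::<u64>());
    let ver = (it.next()?.ok()?, it.next()?.ok()?, it.next()?.ok()?);
    if it.next().is_some() { None } else { Some((ver, pre)) }
}

/// Affected when below 0.16.0; a pre-release of 0.16.0 sorts below it.
/// Unparseable versions are reported too, so they get a manual review.
fn is_affected(v: &str) -> bool {
    parse_version(v).map_or(true, |(core, pre)| core < PATCHED || (core == PATCHED && pre))
}

/// Extract the quoted value from a `key = "value"` line.
fn field<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?.trim();
    rest.strip_prefix('"')?.strip_suffix('"')
}

/// Return every affected matrix-sdk-base version found in the lockfile text.
fn affected_versions(lock: &str) -> Vec<String> {
    let (mut hits, mut in_target) = (Vec::new(), false);
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            in_target = false;
        } else if let Some(name) = field(line, "name") {
            in_target = name == "matrix-sdk-base";
        } else if let Some(ver) = field(line, "version") {
            if in_target && is_affected(ver) { hits.push(ver.to_string()); }
        }
    }
    hits
}

// Constructed sample lockfile: one unpatched and one patched entry.
const SAMPLE_LOCK: &str = "[[package]]\nname = \"matrix-sdk-base\"\nversion = \"0.14.1\"\n\n\
[[package]]\nname = \"matrix-sdk-base\"\nversion = \"0.16.0\"\n";

fn main() {
    for v in affected_versions(SAMPLE_LOCK) {
        println!("matrix-sdk-base {} is affected; upgrade to >=0.16.0", v);
    }
}
```

A lockfile can hold more than one version of the same crate, so every matching entry is checked rather than only the first.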
Advisory available under CC0-1.0 license.