CVE-2024-52813

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. matrix-sdk-crypto 0.8.0 adds a new VerificationLevel::VerificationViolation enum variant which indicates that a previously verified identity has been changed.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/matrix-org/matrix-rust-sdk/pull/3795
https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-r5vf-wf4h-82gg

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) matrix-rust-sdk es una implementación de una librería cliente-servidor Matrix en Rust. Las versiones del paquete de Rust matrix-sdk-crypto anteriores a la 0.8.0 carecen de un mecanismo dedicado para notificar que la identidad criptográfica de un usuario ha cambiado de verificada a no verificada, lo que podría provocar que las aplicaciones cliente que dependen del SDK pasen por alto dichos cambios. matrix-sdk-crypto 0.8.0 agrega una nueva variante de enumeración VerificationLevel::VerificationViolation que indica que se ha cambiado una identidad verificada previamente.

07 Jan 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-07 16:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-52813

Mitre link : CVE-2024-52813

CVE.ORG link : CVE-2024-52813

JSON object : View

Products Affected

No product.

CWE

CWE-223

Omission of Security-relevant Information

4.3 /10