CVE-2022-39254

EUVD-2022-6957

29.09.2022, 15:15

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.20 fixes the issue.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
GitHub_M	CNA	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 45%

Affected Products (NVD)

Vendor	Product	Version
matrix-nio_project	matrix-nio	𝑥 < 0.20

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

python-matrix-nio

bookworm	0.20.1-3 fixed
sid	0.25.1-1 fixed
trixie	0.25.1-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

python-matrix-nio

bionic	dne
focal	dne
jammy	needs-triage
kinetic	ignored
lunar	ignored
mantic	ignored
noble	needs-triage
trusty	ignored
xenial	ignored

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

https://github.com/poljar/matrix-nio/commit/b1cbf234a831daa160673defd596e6450e9c29f0

https://github.com/poljar/matrix-nio/security/advisories/GHSA-w4pr-4vjg-hffh

https://github.com/poljar/matrix-nio/commit/b1cbf234a831daa160673defd596e6450e9c29f0

https://github.com/poljar/matrix-nio/security/advisories/GHSA-w4pr-4vjg-hffh