Vulnerabilities > Matrix

DATE CVE VULNERABILITY TITLE RISK
2022-05-05 CVE-2022-29166 Injection vulnerability in Matrix IRC Bridge
matrix-appservice-irc is a Node.js IRC bridge for Matrix.
network
matrix CWE-74
6.8
2021-12-14 CVE-2021-44538 Classic Buffer Overflow vulnerability in multiple products
The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow.
network
low complexity
matrix schildi cinny-project debian CWE-120
7.5
2021-11-23 CVE-2021-41281 Path Traversal vulnerability in multiple products
Synapse is a package for Matrix homeservers written in Python 3/Twisted.
4.3
2021-09-13 CVE-2021-40823 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Matrix Javascript SDK
A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room.
network
matrix CWE-327
4.3
2021-09-13 CVE-2021-40824 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Matrix Element and Matrix-Android-Sdk2
A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room.
network
matrix CWE-327
4.3
2021-08-31 CVE-2021-39164 Information Exposure vulnerability in multiple products
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP.
3.5
2021-08-31 CVE-2021-39163 Information Exposure vulnerability in multiple products
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP.
3.5
2021-06-16 CVE-2021-32659 Missing Authentication for Critical Function vulnerability in Matrix Matrix-Appservice-Bridge
Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services.
network
matrix CWE-306
3.5
2021-06-16 CVE-2021-34813 Out-of-bounds Write vulnerability in Matrix OLM
Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow.
network
low complexity
matrix CWE-787
7.5
2021-05-11 CVE-2021-29471 Insufficient Entropy vulnerability in multiple products
Synapse is a Matrix reference homeserver written in Python (pypi package matrix-synapse).
network
low complexity
matrix fedoraproject CWE-331
5.0