GHSA-qhj8-q5r6-8q6j

Опубликовано: 11 сент. 2025

Источник: github

Github: Прошло ревью

CVSS4: 2.7

Описание

matrix-sdk-base: Panic in the RoomMember::normalized_power_level() method

In matrix-sdk-base before 0.14.1, calling the RoomMember::normalized_power_level() method can cause a panic if a room member has a power level of Int::Min.

Patches

The issue is fixed in matrix-sdk-base 0.14.1.

Workarounds

The affected method isn’t used internally, so avoiding calling RoomMember::normalized_power_level() prevents the panic.

Ссылки

Пакеты

Наименование

matrix-sdk-base

rust

Затронутые версииВерсия исправления

< 0.14.1

0.14.1

EPSS

Процентиль: 19%

0.00061

Низкий

2.7 Low

CVSS4

CVE ID

CVE-2025-59047

Дефекты

CWE-682

Связанные уязвимости

CVE-2025-59047

nvd

5 месяцев назад

matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `Int::Min`. The issue is fixed in matrix-sdk-base 0.14.1. The affected method isn’t used internally, so avoiding calling `RoomMember::normalized_power_level()` prevents the panic.

EPSS

Процентиль: 19%

0.00061

Низкий

2.7 Low

CVSS4

CVE ID

CVE-2025-59047

Дефекты

CWE-682