CVE-2025-59047
EPSS 0.12%matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method
發布日:2025/9/11修改日:2025/9/11
描述
In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `Int::Min`. ### Patches The issue is fixed in matrix-sdk-base 0.14.1. ### Workarounds The affected method isn’t used internally, so avoiding calling `RoomMember::normalized_power_level()` prevents the panic.
受影響套件(3)
- crates.io/matrix-sdk-basefrom 0, < 0.14.1
- crates.io/matrix-sdk-base>= 0.0.0-0, < 0.14.1
- crates.io/matrix-sdk-base>= 0.0.0-0, < 0.14.1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U |
參考連結(9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-59047
- ADVISORYhttps://rustsec.org/advisories/RUSTSEC-2025-0000.html
- PATCHhttps://crates.io/crates/matrix-sdk-base
- PATCHhttps://github.com/matrix-org/matrix-rust-sdk
- WEBhttps://github.com/matrix-org/matrix-rust-sdk/commit/ce3b67f801446387972ff120e907ca828a9f1207
- WEBhttps://github.com/matrix-org/matrix-rust-sdk/pull/5635
- WEBhttps://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-base-0.14.1
- WEBhttps://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-qhj8-q5r6-8q6j
- WEBhttps://rustsec.org/advisories/RUSTSEC-2025-0065.html