Unknown · Libsignal-Service-Rs · CVE-2025-24903
Name of the Vulnerable Software and Affected Versions:
libsignal-service-rs versions prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8
Description:
The issue allows any contact to forge a sync message that impersonates another device of the local user, because the origin of sync messages is not checked. The `Metadata` struct contains an additional `was encrypted` field, which breaks the API but should be easy to adapt to. No known workarounds are available.
Recommendations:
For versions prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, update to a version that includes commit 82d70f6720e762898f34ae76b0894b0297d9b2f8 to resolve the issue. As a temporary workaround, consider adding your own validation of the origin of sync messages until a patched version is available. Restrict access to sensitive functionality that relies on the `Metadata` struct until the API compatibility issue is resolved.
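The origin check the description and the recommendation refer to, as an added illustration in Rust; this is not code from libsignal-service-rs and does not use the crate's real API. The `ServiceAddress`, `Metadata`, `Content` and `LocalAccount` types are simplified stand-ins, `was_encrypted` is an assumed spelling of the `was encrypted` field the advisory mentions, and its meaning (the content came out of an encrypted session rather than arriving in the clear) is an assumption as well. The example puts the unchecked behaviour beside the hardened check so the difference on a forged sync message from a contact is visible:

```rust
// Added example, not libsignal-service-rs code. All type and field names are
// simplified stand-ins for the crate's types; `was_encrypted` and its meaning
// are assumptions based on the `was encrypted` field the advisory mentions.

/// Identity of a Signal account (constructed stand-in for a service address).
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct ServiceAddress {
    pub uuid: String,
}

/// Per-envelope metadata the receiving layer hands to the application.
#[derive(Debug, Clone)]
pub struct Metadata {
    pub sender: ServiceAddress,
    pub sender_device: u32,
    /// Assumed: true when the content was decrypted from a session, false if it
    /// was received as plaintext.
    pub was_encrypted: bool,
}

/// The two content kinds relevant to the advisory.
#[derive(Debug, Clone)]
pub enum Content {
    DataMessage { text: String },
    SyncMessage { kind: String },
}

/// Reasons a sync message is refused.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum Rejection {
    /// The sender is a contact, not one of the local user's own devices.
    SyncFromForeignSender,
    /// The content did not arrive through an encrypted session.
    SyncNotEncrypted,
}

/// The local user's own account address.
pub struct LocalAccount {
    pub address: ServiceAddress,
}

/// Behaviour the advisory describes: a sync message is acted on whoever sent it.
pub fn accept_sync_unchecked(content: &Content) -> bool {
    matches!(content, Content::SyncMessage { .. })
}

/// Hardened check: a sync message is only accepted when it comes from another
/// device of the local account, over an encrypted session. Data messages are
/// left alone; the origin check only concerns sync traffic.
pub fn validate_sync_origin(
    local: &LocalAccount,
    meta: &Metadata,
    content: &Content,
) -> Result<(), Rejection> {
    if let Content::SyncMessage { .. } = content {
        if !meta.was_encrypted {
            return Err(Rejection::SyncNotEncrypted);
        }
        if meta.sender != local.address {
            return Err(Rejection::SyncFromForeignSender);
        }
    }
    Ok(())
}

/// Constructed sample: the local account plus three envelopes to classify.
pub fn sample() -> (LocalAccount, Vec<(&'static str, Metadata, Content)>) {
    let local = LocalAccount {
        address: ServiceAddress { uuid: "local-account-uuid".into() },
    };
    let own_other_device = Metadata {
        sender: local.address.clone(),
        sender_device: 2,
        was_encrypted: true,
    };
    let contact = Metadata {
        sender: ServiceAddress { uuid: "some-contact-uuid".into() },
        sender_device: 1,
        was_encrypted: true,
    };
    let envelopes = vec![
        ("sync from own linked device", own_other_device, Content::SyncMessage { kind: "read".into() }),
        ("forged sync from a contact", contact.clone(), Content::SyncMessage { kind: "read".into() }),
        ("ordinary chat from a contact", contact, Content::DataMessage { text: "hi".into() }),
    ];
    (local, envelopes)
}

fn main() {
    let (local, envelopes) = sample();
    for (label, meta, content) in &envelopes {
        println!(
            "{label:<30} unchecked: {:<5} validated: {:?}",
            accept_sync_unchecked(content),
            validate_sync_origin(&local, meta, content)
        );
    }
}
```

Running the block prints one line per envelope: the unchecked path accepts the forged sync message from a contact exactly as it accepts the one from the user's own linked device, while `validate_sync_origin` returns `Err(SyncFromForeignSender)` for the forgery and `Ok(())` for the other two. An application layering this on an unpatched version should run the check before any sync-message handling (read receipts, contact or group updates, and similar) is dispatched.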