PT-2022-4608 · Unknown+11 · Matrix-Js-Sdk+11

Dkasak

·

Published

2022-08-31

·

Updated

2025-09-29

·

CVE-2022-36059

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions matrix-js-sdk versions prior to 19.4.0
Description The issue is related to errors in handling input data, which can allow a remote attacker to perform a denial-of-service (DoS) attack. Events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. The matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer.
Recommendations For versions prior to 19.4.0, upgrade to version 19.4.0 to fix the issue. For users unable to upgrade, redacting applicable events, waiting for the sync processor to store data, and restarting the client can often fix the issue. Alternatively, redacting the applicable events and clearing all storage will often fix most perceived issues. In some cases, no workarounds are possible.

Exploit

Fix

DoS

XSS

Prototype Pollution

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-1321

Related Identifiers

ALSA-2022:6708
ALSA-2022:6717
ALSA-2025_16880
ALT-PU-2022-2570
ALT-PU-2022-2931
ALT-PU-2023-1137
ALT-PU-2023-4335
BDU:2022-05486
CESA-2022_6708
CVE-2022-36059
GHSA-RFV9-X7HH-XC32
OPENSUSE-SU-2022_3281-1
OPENSUSE-SU-2024:12294-1
OPENSUSE-SU-2024:12295-1
OPENSUSE-SU-2024:12299-1
RHSA-2022:6708
RHSA-2022:6710
RHSA-2022:6713
RHSA-2022:6715
RHSA-2022:6716
RHSA-2022:6717
RHSA-2022_6708
RHSA-2022_6710
RHSA-2022_6717
RLSA-2022:6708
SUSE-SU-2022:3281-1
USN-5663-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Matrix-Js-Sdk