{"id":"CVE-2024-42369","summary":"A room with itself as its predecessor will freeze matrix-js-sdk","details":"matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the 'leaveRoomChain()' method, so leaving a room will also trigger the bug. This was patched in matrix-js-sdk 34.3.1.","aliases":["GHSA-vhr5-g3pm-49fm"],"modified":"2026-04-10T05:10:26.454468Z","published":"2024-08-20T14:37:19.226Z","related":["openSUSE-SU-2024:14288-1","openSUSE-SU-2024:14289-1"],"database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42369.json","cwe_ids":["CWE-674"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42369.json"},{"type":"ADVISORY","url":"https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-vhr5-g3pm-49fm"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42369"},{"type":"FIX","url":"https://github.com/matrix-org/matrix-js-sdk/commit/a0efed8b881b3db6c9f2c71d6a6e74c2828978c6"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/matrix-org/matrix-js-sdk","events":[{"introduced":"0"},{"fixed":"340bbe1a8fae05a514ac133e6e9b549326854957"}]}],"versions":["no-media-devices-release","v0.1.0","v0.1.1","v0.10.2","v0.10.2-rc.1","v0.10.3","v0.10.3-rc.1","v0.10.5","v0.10.5-rc.1","v0.10.7","v0.10.7-rc.1","v0.11.0","v0.11.0-rc.1","v0.2.0","v0.2.1","v0.2.2","v0.4.1","v0.4.2","v0.5.0","v0.5.1","v0.5.2","v0.5.3","v0.5.4","v0.5.5","v0.5.6","v0.6.0-rc1","v0.6.0-rc2","v0.6.1","v0.6.2","v0.6.4","v0.6.4-rc.2","v0.7.1-rc.1","v0.7.10","v0.7.2","v0.7.4","v0.7.4-rc.1","v0.7.9","v0.8.0","v0.8.1","v0.8.1-rc.1","v0.8.2","v0.8.3","v0.8.3-rc.1","v1.0.0","v1.0.0-rc.1","v1.0.0-rc.2","v2.0.1","v2.0.1-rc.1","v2.0.1-rc.2","v2.4.1","v26.1.0-patch.1","v26.2.0-no-media-devices-hotfix","v30.1.0-rc.0","v30.1.0-rc.1","v30.2.0-rc.0","v31.2.0-rc.0","v34.2.0","v34.3.0","v34.3.0-rc.0","v34.3.0-rc.1","v5.0.1","v7.1.0","v7.1.0-rc.1","v8.0.0","v8.1.0","v8.1.0-rc.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42369.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L"}]}