{"id":"RUSTSEC-2025-0135","summary":"matrix-sdk-base: Denial of service due to custom `m.room.join_rules` events","details":"The matrix-sdk-base crate is unable to handle responses that include custom\nm.room.join_rules values due to a serialization bug.\n\nThis can be exploited to cause a denial-of-service condition, if a user is\ninvited to a room with non-standard join rules, the crate's sync process will\nstall, preventing further processing for all rooms.","aliases":["CVE-2025-66622","GHSA-jj6p-3m75-g2p3"],"modified":"2025-12-08T12:43:44.572700Z","published":"2025-12-08T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/matrix-sdk-base"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2025-0135.html"},{"type":"ADVISORY","url":"https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-jj6p-3m75-g2p3"}],"affected":[{"package":{"name":"matrix-sdk-base","ecosystem":"crates.io","purl":"pkg:cargo/matrix-sdk-base"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.16.0"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"arch":[],"os":[],"functions":[]}},"database_specific":{"cvss":null,"categories":["denial-of-service"],"informational":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0135.json"}}],"schema_version":"1.7.3"}