Score: 8.6
CWE: 287, 322

CVE-2022-39248: matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion

First published: Wed Sep 28 2022 (Updated: )

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, injecting the key backup secret during a self-verification, so that a targeted device starts using a malicious key backup spoofed by the homeserver. matrix-android-sdk2 would then additionally sign such a key backup with its device key, spilling trust over to other devices that trust the matrix-android-sdk2 device. These attacks are possible because of a protocol confusion vulnerability: the SDK accepted to-device messages encrypted with Megolm instead of Olm. matrix-android-sdk2 version 1.5.1 has been modified to only accept Olm-encrypted to-device messages and to stop signing backups on a successful decryption. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious homeserver and an attacker, so those who trust their homeservers do not need a workaround.
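As an added illustration (not code from the SDK, the advisory, or the fix commit), the to-device gate the fix describes, modelled in Python: the pre-1.5.1 check accepts any recognised algorithm, while the hardened check admits only Olm payloads addressed to this device. The event shapes and algorithm identifiers follow the Matrix spec; all keys, ciphertexts and the sample batch are constructed placeholders.

```python
import json

# Algorithm identifiers from the Matrix spec: Olm is for device-to-device
# messages, Megolm for room messages.
OLM_ALGORITHM = "m.olm.v1.curve25519-aes-sha2"
MEGOLM_ALGORITHM = "m.megolm.v1.aes-sha2"
# Constructed placeholder for our own device's Curve25519 identity key.
OUR_CURVE25519_KEY = "CONSTRUCTED_OUR_DEVICE_CURVE25519_KEY"


def vulnerable_accepts_to_device(event: dict) -> bool:
    """Pre-1.5.1 behaviour as the advisory describes it: any recognised
    algorithm is handed to a decryptor, so Megolm passes as if it were Olm."""
    content = event.get("content", {})
    return (event.get("type") == "m.room.encrypted"
            and content.get("algorithm") in (OLM_ALGORITHM, MEGOLM_ALGORITHM))


def hardened_accepts_to_device(event: dict) -> bool:
    """1.5.1 rule: only Olm to-device events, and only ones addressed to us."""
    if event.get("type") != "m.room.encrypted":
        return False
    content = event.get("content", {})
    if content.get("algorithm") != OLM_ALGORITHM:
        return False
    # An Olm payload has the sender's Curve25519 key and a ciphertext map
    # keyed by recipient Curve25519 key; anything else is malformed.
    ciphertext = content.get("ciphertext")
    if not isinstance(content.get("sender_key"), str) or not isinstance(ciphertext, dict):
        return False
    return OUR_CURVE25519_KEY in ciphertext


def triage(raw_batch: str) -> dict:
    """Run both checks over a /sync to_device batch; events the hardened
    check rejects are the ones worth logging for incident response."""
    return {i: {"old": vulnerable_accepts_to_device(ev), "new": hardened_accepts_to_device(ev)}
            for i, ev in enumerate(json.loads(raw_batch)["events"])}


# Constructed sample batch: a genuine Olm event, then a Megolm-shaped
# to-device event of the kind the advisory says was wrongly accepted.
SAMPLE_TO_DEVICE_BATCH = json.dumps({"events": [
    {"type": "m.room.encrypted", "content": {
        "algorithm": OLM_ALGORITHM, "sender_key": "CONSTRUCTED_SENDER_KEY",
        "ciphertext": {OUR_CURVE25519_KEY: {"type": 0, "body": "CONSTRUCTED"}}}},
    {"type": "m.room.encrypted", "content": {
        "algorithm": MEGOLM_ALGORITHM, "sender_key": "CONSTRUCTED_SENDER_KEY",
        "device_id": "CONSTRUCTED", "session_id": "CONSTRUCTED", "ciphertext": "CONSTRUCTED"}},
]})
```

Running `triage(SAMPLE_TO_DEVICE_BATCH)` shows the Megolm-shaped event passing the old check and failing the new one, which is the protocol confusion the advisory describes.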

Credit: security-advisories@github.com

| Affected Software | Affected Version | How to fix |
| --- | --- | --- |
| Matrix Software Development Kit | <1.5.1 | Upgrade to 1.5.1 or later |


Frequently Asked Questions

  • What is CVE-2022-39248?

    CVE-2022-39248 is a vulnerability in the matrix-android-sdk2 library for Android, allowing an attacker to construct messages that appear to be from another person without any indication.

  • How does CVE-2022-39248 impact Matrix SDK for Android?

    CVE-2022-39248 allows an attacker cooperating with a malicious homeserver to send messages that appear to come from another person, without any indication of tampering.

  • What is the severity of CVE-2022-39248?

    CVE-2022-39248 has a severity keyword of 'high' and a severity value of 7.5.

  • How can CVE-2022-39248 be fixed?

    To fix CVE-2022-39248, it is recommended to upgrade to version 1.5.1 or later of the matrix-android-sdk2 library for Android.

  • Are there any references for CVE-2022-39248?

    Yes, you can find references for CVE-2022-39248 at the following links: [Reference 1](https://github.com/matrix-org/matrix-android-sdk2/commit/77df720a238d17308deab83ecaa37f7a4740a17e), [Reference 2](https://github.com/matrix-org/matrix-android-sdk2/releases/tag/v1.5.1), [Reference 3](https://github.com/matrix-org/matrix-android-sdk2/security/advisories/GHSA-fpgf-pjjv-2qgm).

© 2024 SecAlerts Pty Ltd.