Lucene search
GoogleOSV:GHSA-VMCC-4P4X-X7WGHistoryMay 14, 2022 - 3:20 a.m.
Matrix Synapse DoS
2022-05-1403:20:03
Google
osv.dev
8
matrix synapse
denial of service
vulnerability
patch
version 0.28.1
malicious events
federation
message handlers
exploitation
april 2018
EPSS
0.001
Percentile
46.6%
Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2<sup>63</sup> - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018.
References
docs.google.com/document/d/1I3fi2S-XnpO45qrpCsowZv8P8dHcNZ4fsBsbOW7KABI/edit#heading=h.fj95ykuss7s1
github.com/matrix-org/synapse
github.com/matrix-org/synapse/commit/33f469ba19586bbafa0cf2c7d7c35463bdab87eb
matrix.org/blog/2018/05/01/security-update-synapse-0-28-1
nvd.nist.gov/vuln/detail/CVE-2018-10657
Related
fedora
fedora
[SECURITY] Fedora 28 Update: matrix-synapse-0.28.1-1.fc28
2018-05-15 20:06:46
nessus
nessus
Fedora 28 : matrix-synapse (2018-f513267ac5)
2019-01-03 00:00:00
Ubuntu 18.04 ESM : Synapse vulnerabilities (USN-6076-1)
2023-05-16 00:00:00
prion
prion
Design/Logic Flaw
2018-05-02 16:29:00
osv
osv
CVE-2018-10657
2018-05-02 16:29:00
matrix-synapse vulnerabilities
2023-05-16 07:45:08
cvelist
cvelist
CVE-2018-10657
2018-05-02 16:00:00
openvas
openvas
Fedora Update for matrix-synapse FEDORA-2018-f513267ac5
2018-05-16 00:00:00
Ubuntu: Security Advisory (USN-6076-1)
2023-05-17 00:00:00
ubuntucve
ubuntucve
CVE-2018-10657
2018-05-02 00:00:00
nvd
nvd
CVE-2018-10657
2018-05-02 16:29:00
github
github
Matrix Synapse DoS
2022-05-14 03:20:03
cve
cve
CVE-2018-10657
2018-05-02 16:29:00
debiancve
debiancve
CVE-2018-10657
2018-05-02 16:29:00
ubuntu
ubuntu
Synapse vulnerabilities
2023-05-16 00:00:00