Lucene search

K

Veracode Vulnerability DatabaseVERACODE:36200

HistoryJun 29, 2022 - 11:53 a.m.

Denial Of Service (DoS)

2022-06-2911:53:55

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

15

denial of service

matrix_synapse

unbounded recursion

system crash

url_preview_enabled configuration

EPSS

0.001

Percentile

49.1%

matrix_synapse is vulnerable to denial of service ]attacks. An authenticated attacker is able to exhaust the available stack space for the Synapse process due to unbounded recursion, resulting in a system crash. The deployments with url_preview_enabled: true configuration are affected.

References

github.com/matrix-org/synapse/commit/fa1308061802ac7b7d20e954ba7372c5ac292333

github.com/matrix-org/synapse/security/advisories/GHSA-22p3-qrh9-cx32

lists.fedoraproject.org/archives/list/[email protected]/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF/

lists.fedoraproject.org/archives/list/[email protected]/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD/

spec.matrix.org/v1.2/client-server-api/#get_matrixmediav3preview_url

EPSS

0.001

Percentile

49.1%

Related for VERACODE:36200

openvas2 cve1 fedora2 osv4 nvd1 nessus1 freebsd1 cvelist1 ubuntucve1 prion1 alpinelinux1 cnvd1 debiancve1 github1