Veracode Vulnerability DatabaseVERACODE:43795

HistoryOct 12, 2023 - 1:44 p.m.

Denial Of Service (DoS)

2023-10-1213:44:00

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

matrix_synapse

vulnerability

denial of service

malicious server acl

performance impact

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

53.3%

JSON

matrix_synapse is vulnerable to Denial Of Service (DoS). The vulnerability is due to malicious server ACL events which can impact performance temporarily or permanently, leading to a persistent denial of service (DoS).

References

github.com/advisories/GHSA-5chr-wjw5-3gq4

github.com/matrix-org/synapse/commit/f84da3c32ec74cf054e2fd6d10618aa4997cffaa

github.com/matrix-org/synapse/pull/16360

github.com/matrix-org/synapse/security/advisories/GHSA-5chr-wjw5-3gq4

lists.fedoraproject.org/archives/list/[email protected]/message/KEVRB4MG5UXQ5RLZHSUJXM5GWEBYYS5B/

lists.fedoraproject.org/archives/list/[email protected]/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY/

lists.fedoraproject.org/archives/list/[email protected]/message/WRO4MPQ6HOXIUZM6RJP6VTCTMV7RD2T3/

matrix-org.github.io/synapse/latest/admin_api/rooms.html#version-2-new-version

security.gentoo.org/glsa/202401-12

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

53.3%

JSON

Related for VERACODE:43795