Описание
Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint
Impact
Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion.
Patches
The issue is fixed by https://github.com/matrix-org/synapse/pull/9855.
Workarounds
There are no known workarounds.
References
n/a
For more information
If you have any questions or comments about this advisory, email us at security@matrix.org.
Пакеты
Наименование
matrix-synapse
pip
Затронутые версииВерсия исправления
< 1.33.0
1.33.0
Дефекты
CWE-400
Дефекты
CWE-400