
GHSA-v56r-hwv5-mxg6

Published: 27 Mar 2025
Source: github
GitHub: Reviewed
CVSS3: 7.1

Description

Synapse vulnerable to federation denial of service via malformed events

Impact

A malicious server can craft events with a depth outside the integer range allowed by Canonical JSON. When Synapse versions up to 1.127.0 receive such an event, it prevents them from federating with other servers. The vulnerability has been exploited in the wild.
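An added example (not Synapse's own code) of the defensive check implied above: validate an incoming federation event's depth against the Matrix Canonical JSON integer range, [-(2**53)+1, (2**53)-1], before the event reaches any further processing. The sample PDUs and the function names are constructed for illustration.

```python
import json

# Matrix Canonical JSON only permits integers in [-(2**53)+1, (2**53)-1];
# anything outside that range must be rejected rather than parsed.
CANONICAL_JSON_MAX_INT = 2**53 - 1
CANONICAL_JSON_MIN_INT = -(2**53 - 1)


def depth_is_canonical(depth) -> bool:
    """True if `depth` is an int within the Canonical JSON integer range.

    bool is a subclass of int in Python, so it is rejected explicitly.
    Floats (e.g. 1e20 from the JSON parser) are rejected as non-integers.
    """
    if isinstance(depth, bool) or not isinstance(depth, int):
        return False
    return CANONICAL_JSON_MIN_INT <= depth <= CANONICAL_JSON_MAX_INT


def validate_federation_event(raw: bytes) -> tuple:
    """Parse one federation event (PDU) and reject it early if its `depth`
    is missing, non-integer or outside the Canonical JSON range.

    Returns (accepted, reason) so the caller can log why a peer's
    event was dropped instead of letting it poison local processing.
    """
    try:
        event = json.loads(raw)
    except ValueError as exc:
        return False, f"invalid JSON: {exc}"
    if not isinstance(event, dict):
        return False, "event is not a JSON object"
    if "depth" not in event:
        return False, "missing depth"
    depth = event["depth"]
    if not depth_is_canonical(depth):
        return False, f"depth {depth!r} outside Canonical JSON integer range"
    return True, "ok"


# Constructed sample PDUs (not real Matrix traffic): a well-formed event,
# one whose depth exceeds 2**53-1, and one whose depth is a float.
GOOD_EVENT = b'{"type": "m.room.message", "room_id": "!abc:example.org", "depth": 12}'
OVERSIZED_EVENT = b'{"type": "m.room.message", "room_id": "!abc:example.org", "depth": 18446744073709551616}'
FLOAT_DEPTH_EVENT = b'{"type": "m.room.message", "room_id": "!abc:example.org", "depth": 1e20}'

if __name__ == "__main__":
    for name, pdu in [("good", GOOD_EVENT), ("oversized", OVERSIZED_EVENT), ("float", FLOAT_DEPTH_EVENT)]:
        print(name, validate_federation_event(pdu))
```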

Patches

Fixed in Synapse v1.127.1.

Workarounds

Closed federation environments of trusted servers or non-federating installations are not affected.

For more information

If you have any questions or comments about this advisory, please email us at security at element.io.

Packages

Name: matrix-synapse
Ecosystem: pip
Affected versions: < 1.127.1
Fixed version: 1.127.1

EPSS: 0.0754 (percentile: 92%, Low)

CVSS3: 7.1 High

Weaknesses

CWE-20

Related vulnerabilities

CVSS3: 7.1
ubuntu
11 months ago

Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available.

CVSS3: 7.1
nvd
11 months ago

Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available.

CVSS3: 7.1
debian
11 months ago

Synapse is an open source Matrix homeserver implementation. A maliciou ...
