Skip to content
This repository was archived by the owner on Apr 26, 2024. It is now read-only.

Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint

Moderate
babolivier published GHSA-7h5v-85w9-pq6c May 11, 2021

Package

pip matrix-synapse (pip)

Affected versions

< 1.33.0

Patched versions

>= 1.33.0

Description

Impact

Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion.

Patches

The issue is fixed by #9855.

Workarounds

There are no known workarounds.

References

n/a

For more information

If you have any questions or comments about this advisory, email us at security@matrix.org.

Severity

Moderate

CVE ID

No known CVE

Weaknesses

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Learn more on MITRE.