ALT-PU-2025-16666-1

Package update matrix-synapse in branch sisyphus

Version1.129.0-alt1

Published2025-05-23

Max severityHIGH

Severity:

Closed issues (2)

HIGH7.5

Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available.

Published: 2025-03-27Modified: 2025-08-26

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

GHSA-v56r-hwv5-mxg6

HIGH7.1

Synapse vulnerable to federation denial of service via malformed events

Published: 2025-03-27Modified: 2025-10-24

CVSS 3.xHIGH 7.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

References