All errata/sisyphus/ALT-PU-2018-1887-2
ALT-PU-2018-1887-2

Package update matrix-synapse in branch sisyphus

Version0.29.1-alt1
Task#208138
Published2026-02-04
Max severityHIGH
Severity:

Closed issues (2)

CVE-2018-10657
HIGH7.5

Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018.

Published: 2018-05-02Modified: 2024-11-21
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
GHSA-vmcc-4p4x-x7wg
HIGH7.5

Matrix Synapse DoS

Published: 2022-05-14Modified: 2023-10-06
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References