Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018.
CPE | Name | Operator | Version |
---|---|---|---|
synapse | eq | 0.27.3-rc1 | |
synapse | eq | 0.8.1 | |
synapse | eq | 0.17.3 | |
synapse | eq | 0.8.1-r4 | |
synapse | eq | 0.4.2 | |
synapse | eq | 0.16.0-rc1 | |
synapse | eq | 0.18.0-rc1 | |
synapse | eq | 0.13.1 | |
synapse | eq | 0.16.1-rc1 | |
synapse | eq | 0.18.7-rc1 |