Lucene search
Redhat.comRH:CVE-2021-21394HistoryMay 20, 2022 - 10:28 p.m.
CVE-2021-21394
2022-05-2022:28:48
redhat.com
access.redhat.com
9
0.002 Low
EPSS
Percentile
57.3%
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to referenced GitHub security advisory for additional details including workarounds.
Related
veracode
veracode
Denial Of Service (DoS)
2021-04-13 15:33:42
osv
osv
Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints
2021-04-13 15:12:51
CVE-2021-21394
2021-04-12 21:15:00
PYSEC-2021-27
2021-04-12 21:15:00
cvelist
cvelist
debiancve
debiancve
CVE-2021-21394
2021-04-12 21:15:14
nvd
nvd
CVE-2021-21394
2021-04-12 21:15:14
prion
prion
Input validation
2021-04-12 21:15:00
ubuntucve
ubuntucve
CVE-2021-21394
2021-04-12 00:00:00
cve
cve
CVE-2021-21394
2021-04-12 21:15:14
github
github
fedora
fedora
[SECURITY] Fedora 34 Update: matrix-synapse-1.38.1-1.fc34
2021-08-02 01:05:20
openvas
openvas
Fedora: Security Advisory for matrix-synapse (FEDORA-2021-a627cfd31e)
2021-08-02 00:00:00