Lucene search
Redhat.comRH:CVE-2021-29471HistoryMay 20, 2022 - 11:06 p.m.
CVE-2021-29471
2022-05-2023:06:45
redhat.com
access.redhat.com
10
0.002 Low
EPSS
Percentile
51.9%
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including event_match, which matches event content against a pattern including wildcards. Certain patterns can cause very poor performance in the matching engine, leading to a denial-of-service when processing moderate length events. The issue is patched in version 1.33.2. A potential workaround might be to prevent users from making custom push rules, by blocking such requests at a reverse-proxy.
Related
osv
osv
PYSEC-2021-135
2021-05-11 15:15:00
Denial of service attack via push rule patterns in matrix-synapse
2021-05-13 20:22:51
CVE-2021-29471
2021-05-11 15:15:08
cvelist
cvelist
CVE-2021-29471 Denial of service in Matrix Synapse
2021-05-11 15:05:12
freebsd
freebsd
nessus
nessus
ubuntucve
ubuntucve
CVE-2021-29471
2021-05-11 00:00:00
prion
prion
Design/Logic Flaw
2021-05-11 15:15:00
nvd
nvd
CVE-2021-29471
2021-05-11 15:15:08
debiancve
debiancve
CVE-2021-29471
2021-05-11 15:15:08
github
github
Denial of service attack via push rule patterns in matrix-synapse
2021-05-13 20:22:51
archlinux
archlinux
[ASA-202105-19] matrix-synapse: denial of service
2021-05-25 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-05-12 00:55:46
alpinelinux
alpinelinux
CVE-2021-29471
2021-05-11 15:15:08
cve
cve
CVE-2021-29471
2021-05-11 15:15:08
fedora
fedora
[SECURITY] Fedora 34 Update: matrix-synapse-1.38.1-1.fc34
2021-08-02 01:05:20
openvas
openvas
Fedora: Security Advisory for matrix-synapse (FEDORA-2021-a627cfd31e)
2021-08-02 00:00:00