6 matches found
SUSE CVE-2024-37302
Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can le...
DEBIAN-CVE-2024-52815
Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...
PT-2024-23851 · Synapse +2 · Synapse +2
Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.105.1
Description: A remote Matrix user with malicious intent, sharing a room with Synapse instances, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induc...
matrix-server-isenguard (=0.1.1), matrix-synapse-testutils (>=1.65.0.0 <=1.93.0.0) +7 more potentially affected by CVE-2023-45129 via matrix-synapse (>=0.33.9 <=1.93.0)
matrix-synapse PYPI version =0.33.9, =1.65.0.0, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2023-45129 Source advisory: OSV:GHSA-5CHR-WJW5-3GQ4...
matrix-server-isenguard (=0.1.1), matrix-synapse-testutils (>=1.65.0.0 <=1.84.1.0) +7 more potentially affected by CVE-2023-32682 via matrix-synapse (>=0.33.9 <=1.84.1)
matrix-synapse PYPI version =0.33.9, =1.65.0.0, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2023-32682 Source advisory: OSV:GHSA-26C5-PPR8-F33P...
PT-2019-12525 · Matrix +2 · Matrix Sydent +3
Name of the Vulnerable Software and Affected Versions: Matrix Sydent versions prior to 1.0.3; Synapse versions prior to 0.99.3.1
Description: An issue was discovered that makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID due to mishandled random number...