5 matches found
Improper Validation of Specified Type of Input
Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to insufficient validation of device keys. An attacker can disrupt federation functionality and unpredictab...
PT-2025-41273
Name of the Vulnerable Software and Affected Versions Synapse versions prior to 1.138.3 Synapse version 1.139.0 Description Synapse is an open source Matrix homeserver implementation. Insufficient validation of device keys in affected versions allows an attacker registered on the victim homeserve...
CVE-2025-30355
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...
Improper Input Validation
Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Improper Input Validation. A malicious server can disrupt the normal operation and prevent the application from federating with other servers by crafting even...
CVE-2025-30355
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...