
5242 matches found

Positive Technologies
added 2022/07/12 12:0 a.m. · 3 views

PT-2022-20221 · Go +9

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.17.12 Go versions prior to 1.18.4 Description: The issue is related to uncontrolled recursion in Glob in path/filepath, which allows an attacker to cause a panic due to stack exhaustion via a path containing a large...

CVSS 9.8 · AI score 7 · EPSS 0.10629
Exploits 16 · References 402

RedHat Linux
added 2022/07/07 2:19 p.m. · 1 view

xstream: Injecting highly recursive collections or maps can cause a DoS

XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulatin...

CVSS 7.5 · AI score 7.4 · EPSS 0.01863
Exploits 1 · References 4

CNVD
added 2022/06/30 12:0 a.m. · 20 views

Matrix Synapse Denial of Service Vulnerability (CNVD-2022-60674)

Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the U.K. A denial of service vulnerability exists in versions of Matrix Synapse prior to 1.61.1, which stems from infinite recursion, where URL previews of certain web pages may exhaust the available stack...

CVSS 6.5 · AI score 4.1 · EPSS 0.00376
Exploits 0 · References 1

OSV
added 2022/06/29 9:51 p.m. · 32 views

GHSA-22P3-QRH9-CX32 URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths

Impact URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the request causing the problem, but in other cases the Synapse process may crash altogether. It is possible to...

CVSS 7.1 · AI score 6.3 · EPSS 0.00376
Exploits 0 · References 8

Github Security Blog
added 2022/06/29 9:51 p.m. · 35 views

URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths

Impact URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the request causing the problem, but in other cases the Synapse process may crash altogether. It is possible to...

CVSS 6.5 · AI score 6.2 · EPSS 0.00376
Exploits 0 · References 8 · Affected Software 1

Veracode
added 2022/06/29 11:53 a.m. · 24 views

Denial Of Service (DoS)

matrixsynapse is vulnerable to denial of service attacks. An authenticated attacker is able to exhaust the available stack space for the Synapse process due to unbounded recursion, resulting in a system crash. The deployments with url_preview_enabled: true configuration are affected...

CVSS 6.5 · AI score 6 · EPSS 0.00376
Exploits 0 · References 7 · Affected Software 3

Tenable Nessus
added 2022/06/29 12:0 a.m. · 25 views

FreeBSD : py-matrix-synapse -- unbounded recursion in urlpreview (07c0d782-f758-11ec-acaa-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 07c0d782-f758-11ec-acaa-901b0e9408dc advisory. - Synapse is an open source home server implementation for the Matrix chat network. In versions prior t...

CVSS 6.5 · AI score 6.4 · EPSS 0.00376
Exploits 0 · References 3

OSV
added 2022/06/28 5:15 p.m. · 1 view

DEBIAN-CVE-2022-31052

Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the reques...

CVSS 6.5 · AI score 6.6 · EPSS 0.00376
Exploits 0 · References 1

NVD
added 2022/06/28 5:15 p.m. · 11 views

CVE-2022-31052

Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the reques...

CVSS 6.5 · EPSS 0.00376
Exploits 0 · References 5

OSV
added 2022/06/28 5:15 p.m. · 1 view

UBUNTU-CVE-2022-31052

Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the reques...

CVSS 6.5 · AI score 6.6 · EPSS 0.00376
Exploits 0 · References 4

Cvelist
added 2022/06/28 5:10 p.m. · 15 views

CVE-2022-31052 URL previews can crash Synapse media repositories or Synapse monoliths

Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the reques...

CVSS 6.5 · AI score 6.6 · EPSS 0.00376
Exploits 0 · References 5

CVE
added 2022/06/28 5:10 p.m. · 462 views

CVE-2022-31052

CVE-2022-31052 affects Synapse (Matrix homeserver). In versions before 1.61.1, URL previews for some web pages can cause unbounded recursion, exhausting stack space and potentially crashing the Synapse process. Remote users can exploit via URL previews that clients auto-request, but the URL previ...

CVSS 6.5 · AI score 6.3 · EPSS 0.00376
Exploits 0 · References 5 · Affected Software 1

Debian CVE
added 2022/06/28 5:10 p.m. · 27 views

CVE-2022-31052

Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the reques...

CVSS 6.5 · AI score 6.4 · EPSS 0.00376
Exploits 0

FreeBSD
added 2022/06/28 12:0 a.m. · 30 views

py-matrix-synapse -- unbounded recursion in urlpreview

Matrix developers report: This release fixes a vulnerability with Synapse's URL preview feature. URL previews of some web pages can lead to unbounded recursion, causing the request to either fail, or in some cases crash the running Synapse process. Note that: Homeservers with the urlpreviewenable...

CVSS 6.5 · AI score 2.5 · EPSS 0.00376
Exploits 0 · References 1

CNNVD
added 2022/06/28 12:0 a.m. · 1 view

Matrix Synapse Security Vulnerability

Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the U.K. A denial of service vulnerability exists in versions of Matrix Synapse prior to 1.61.1, which stems from infinite recursion, where URL previews of certain web pages may exhaust the available stack...

CVSS 6.5 · AI score 5.7 · EPSS 0.00376
Exploits 0 · References 7

Vulnrichment
added 2022/06/27 10:10 p.m. · 5 views

CVE-2022-31099 Uncontrolled Recursion in rulex

rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. This is ...

CVSS 6.5 · AI score 6.5 · EPSS 0.00521
Exploits 0 · References 2

OSV
added 2022/06/23 11:3 a.m. · 2 views

OESA-2022-1717 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

CVSS 7.8 · AI score 7.7 · EPSS 0.0158
Exploits 6 · References 7

OpenVAS
added 2022/06/22 12:0 a.m. · 19 views

Huawei EulerOS: Security Advisory for pcre2 (EulerOS-SA-2022-1945)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.1 · AI score 9.7 · EPSS 0.00584
Exploits 0 · References 2

Github Security Blog
added 2022/06/18 12:0 a.m. · 33 views

Prototype Pollution in mout

This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn mixes objects into the target object, recursively mixing existing child objects as well. In both cases, the key used to access the target object recursively...

CVSS 7.5 · AI score 4.1 · EPSS 0.01862
Exploits 1 · References 7 · Affected Software 1

OSV
added 2022/06/18 12:0 a.m. · 0 views

GHSA-VVV8-XW5F-3F88 Prototype Pollution in mout

This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn mixes objects into the target object, recursively mixing existing child objects as well. In both cases, the key used to access the target object recursively...

CVSS 7.5 · AI score 7 · EPSS 0.01862
Exploits 1 · References 7