3 matches found
SUSE CVE-2022-31152
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including...
Denial of service due to incorrect application of event authorization rules
Impact The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including v1.61, some of these rules are not correctly applied. An attacker could craft events which...
PT-2022-20567 · Synapse · Synapse
Name of the Vulnerable Software and Affected Versions: Synapse versions up to and including 1.61.0 Description: The issue arises from the incorrect application of event authorization rules as specified in the Matrix specification, potentially causing divergence in room state between servers. An...