matrix_synapse is vulnerable to denial of service attacks. The vulnerability exists in the ‘check_state_independent_auth_rules’ function in ‘event_auth.py’ due to a lack of validation event authorization which allows an attacker to craft a malicious event and crash the system.
github.com/advisories/GHSA-jhjh-776m-4765
github.com/matrix-org/synapse/commit/e16ea87d0f8c4c30cad36f85488eb1f647e640b0
github.com/matrix-org/synapse/pull/13087
github.com/matrix-org/synapse/pull/13087
github.com/matrix-org/synapse/pull/13088
github.com/matrix-org/synapse/releases/tag/v1.62.0
github.com/matrix-org/synapse/security/advisories/GHSA-jhjh-776m-4765