Lucene search
Veracode Vulnerability DatabaseVERACODE:36884HistorySep 01, 2022 - 10:16 a.m.
Denial Of Service (DoS)
2022-09-0110:16:39
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
denial of service
vulnerability
matrix_synapse
EPSS
0.001
Percentile
47.9%
matrix_synapse is vulnerable to denial of service attacks. The vulnerability exists in the ‘check_state_independent_auth_rules’ function in ‘event_auth.py’ due to a lack of validation event authorization which allows an attacker to craft a malicious event and crash the system.
References
github.com/advisories/GHSA-jhjh-776m-4765
github.com/matrix-org/synapse/commit/e16ea87d0f8c4c30cad36f85488eb1f647e640b0
github.com/matrix-org/synapse/pull/13087
github.com/matrix-org/synapse/pull/13087
github.com/matrix-org/synapse/pull/13088
github.com/matrix-org/synapse/releases/tag/v1.62.0
github.com/matrix-org/synapse/security/advisories/GHSA-jhjh-776m-4765
Related
ubuntucve
ubuntucve
CVE-2022-31152
2022-09-02 00:00:00
osv
osv
PYSEC-2022-262
2022-09-02 20:15:00
CVE-2022-31152
2022-09-02 20:15:08
Denial of service due to incorrect application of event authorization rules
2022-08-31 21:25:37
alpinelinux
alpinelinux
CVE-2022-31152
2022-09-02 20:15:00
cvelist
cvelist
prion
prion
Authorization
2022-09-02 20:15:00
debiancve
debiancve
CVE-2022-31152
2022-09-02 20:15:08
cve
cve
CVE-2022-31152
2022-09-02 20:15:08
nvd
nvd
CVE-2022-31152
2022-09-02 20:15:08
github
github
Denial of service due to incorrect application of event authorization rules
2022-08-31 21:25:37