Lucene search

K

Veracode Vulnerability DatabaseVERACODE:46600

HistoryApr 24, 2024 - 6:39 a.m.

Denial Of Service (DoS)

2024-04-2406:39:00

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

8

denial of service

vulnerability

cpu consumption

database accumulation

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

0

Percentile

10.3%

matrix_synapse is vulnerable to a Denial of Service attack. The vulnerability is due to a weakness in how the auth chain cover index is calculated, which allows an attacker to dispatch specially crafted events that induce high CPU consumption and excessive data accumulation in the database, resulting in Denial of Service.

References

github.com/element-hq/synapse/commit/55b0aa847a61774b6a3acdc4b177a20dc019f01a

github.com/element-hq/synapse/releases/tag/v1.105.1

github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v

lists.fedoraproject.org/archives/list/[email protected]/message/R6FCCO4ODTZ3FDS7TMW76PKOSEL2TQVB/

lists.fedoraproject.org/archives/list/[email protected]/message/RR53FNHV446CB37TP45GZ6F6HZLZCK3K/

lists.fedoraproject.org/archives/list/[email protected]/message/VSF4NJJSTSQRJQ47PLYYSCFYKJBP7DET/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

0

Percentile

10.3%

Related for VERACODE:46600

freebsd1 ubuntucve1 alpinelinux1 osv4 nessus4 fedora6 openvas6 nvd1 cvelist1 github1 debiancve1 vulnrichment1 cve1