Allocation Of Resources Without Limits

🗓️ 06 Dec 2024 11:45:47Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 6 Views

Synapse has a vulnerability due to improper handling of multipart/form-data, enabling resource exhaustion.

Reporter	Title	Published	Views	Family All 33
FreeBSD	py-matrix-synapse -- multiple vulnerabilities in versions prior to 1.120.1	3 Dec 202400:00	–	freebsd
AlpineLinux	CVE-2024-52805	3 Dec 202417:01	–	alpinelinux
Circl	CVE-2024-52805	3 Dec 202417:09	–	circl
CNNVD	Element Synapse 安全漏洞	3 Dec 202400:00	–	cnnvd
CVE	CVE-2024-52805	3 Dec 202417:01	–	cve
Cvelist	CVE-2024-52805 Synapse allows unsupported content types to lead to memory exhaustion	3 Dec 202417:01	–	cvelist
Debian CVE	CVE-2024-52805	3 Dec 202417:01	–	debiancve
EUVD	EUVD-2024-3505	3 Oct 202520:07	–	euvd
Fedora	[SECURITY] Fedora 40 Update: matrix-synapse-1.111.1-3.fc40	13 Dec 202401:37	–	fedora
Fedora	[SECURITY] Fedora 41 Update: matrix-synapse-1.118.0-3.fc41	13 Dec 202401:35	–	fedora

Vulners

Node

matrix synapseMatch1.119.0-r0python

AND

matrix synapseMatch1.118.0-r0python

AND

alpinelinux alpine_linuxMatch3.21

matrix synapseMatch1.36.0-r0python

AND

matrix synapseMatch1.110.0-r0python

AND

matrix synapseMatch1.12.4-r0python

AND

matrix synapseMatch1.38.0-r0python

AND

matrix synapseMatch1.104.0-r0python

AND

matrix synapseMatch1.66.0-r0python

AND

matrix synapseMatch1.32.2-r0python

AND

matrix synapseMatch1.49.2-r0python

AND

matrix synapseMatch1.86.0-r1python

AND

matrix synapseMatch1.80.0-r0python

AND

matrix synapseMatch1.116.0-r0python

AND

matrix synapseMatch1.119.0-r0python

AND

matrix synapseMatch1.114.0-r0python

AND

matrix synapseMatch1.105.1-r1python

AND

matrix synapseMatch1.104.0-r1python

AND

matrix synapseMatch1.57.1-r0python

AND

matrix synapseMatch1.40.0-r0python

AND

matrix synapseMatch1.63.1-r0python

AND

matrix synapseMatch1.88.0-r0python

AND

matrix synapseMatch1.83.0-r0python

AND

matrix synapseMatch1.111.0-r0python

AND

matrix synapseMatch1.55.2-r0python

AND

matrix synapseMatch1.45.1-r0python

AND

matrix synapseMatch1.87.0-r0python

AND

matrix synapseMatch1.93.0-r0python

AND

matrix synapseMatch1.62.0-r0python

AND

matrix synapseMatch1.34.0-r0python

AND

matrix synapseMatch1.86.0-r0python

AND

matrix synapseMatch1.58.1-r0python

AND

matrix synapseMatch1.64.0-r0python

AND

matrix synapseMatch1.117.0-r0python

AND

matrix synapseMatch1.72.0-r0python

AND

matrix synapseMatch1.74.0-r0python

AND

matrix synapseMatch1.41.1-r0python

AND

matrix synapseMatch1.48.0-r0python

AND

matrix synapseMatch1.29.0-r0python

AND

matrix synapseMatch1.42.0-r0python

AND

matrix synapseMatch1.75.0-r1python

AND

matrix synapseMatch1.111.0-r1python

AND

matrix synapseMatch1.46.0-r0python

AND

matrix synapseMatch1.51.0-r0python

AND

matrix synapseMatch1.94.0-r0python

AND

matrix synapseMatch1.12.3-r0python

AND

matrix synapseMatch1.105.1-r0python

AND

matrix synapseMatch1.71.0-r0python

AND

matrix synapseMatch1.92.3-r0python

AND

matrix synapseMatch1.73.0-r0python

AND

matrix synapseMatch1.96.1-r0python

AND

matrix synapseMatch1.85.2-r0python

AND

matrix synapseMatch1.39.0-r0python

AND

matrix synapseMatch1.100.0-r0python

AND

matrix synapseMatch1.65.0-r0python

AND

matrix synapseMatch1.30.1-r0python

AND

matrix synapseMatch1.81.0-r0python

AND

matrix synapseMatch1.12.0-r0python

AND

matrix synapseMatch1.84.1-r0python

AND

matrix synapseMatch1.115.0-r0python

AND

matrix synapseMatch1.79.0-r1python

AND

matrix synapseMatch1.112.0-r0python

AND

matrix synapseMatch1.59.1-r0python

AND

matrix synapseMatch1.113.0-r0python

AND

matrix synapseMatch1.101.0-r0python

AND

matrix synapseMatch1.118.0-r0python

AND

matrix synapseMatch1.37.1-r0python

AND

matrix synapseMatch1.70.1-r0python

AND

matrix synapseMatch1.64.0-r1python

AND

matrix synapseMatch1.90.0-r0python

AND

matrix synapseMatch1.77.0-r0python

AND

matrix synapseMatch1.91.2-r0python

AND

matrix synapseMatch1.63.0-r0python

AND

matrix synapseMatch1.78.0-r0python

AND

matrix synapseMatch1.82.0-r0python

AND

matrix synapseMatch1.11.1-r0python

AND

matrix synapseMatch1.31.0-r0python

AND

matrix synapseMatch1.61.0-r0python

AND

matrix synapseMatch1.95.1-r0python

AND

matrix synapseMatch1.51.0-r1python

AND

matrix synapseMatch1.35.0-r0python

AND

matrix synapseMatch1.61.1-r0python

AND

matrix synapseMatch1.14.0-r0python

AND

matrix synapseMatch1.67.0-r0python

AND

matrix synapseMatch1.56.0-r0python

AND

matrix synapseMatch1.38.1-r0python

AND

matrix synapseMatch1.89.0-r0python

AND

matrix synapseMatch1.43.0-r0python

AND

matrix synapseMatch1.106.0-r0python

AND

matrix synapseMatch1.76.0-r0python

AND

matrix synapseMatch1.44.0-r0python

AND

alpinelinux alpine_linuxMatchedge

matrix synapseMatch1.111.0-r0python

AND

matrix synapseMatch1.111.0-r1python

AND

matrix synapseMatch1.105.1-r1python

AND

matrix synapseMatch1.110.0-r0python

AND

matrix synapseMatch1.112.0-r0python

AND

matrix synapseMatch1.106.0-r0python

AND

matrix synapseMatch1.116.0-r0python

AND

matrix synapseMatch1.117.0-r0python

AND

matrix synapseMatch1.118.0-r0python

AND

matrix synapseMatch1.115.0-r0python

AND

matrix synapseMatch1.113.0-r0python

AND

matrix synapseMatch1.114.0-r0python

AND

alpinelinux alpine_linuxMatch3.20

matrix-synapse matrix-synapseMatch1.23.0-1debian

AND

debian debian_linuxMatch999

matrix_synapse matrix_synapseRange0.34.0rc2–1.120.0python

Source	Link
github	www.github.com/twisted/twisted/issues/4688
github	www.github.com/twisted/twisted/issues/4688
github	www.github.com/element-hq/synapse/commit/4b7154c58501b4bf5e1c2d6c11ebef96529f2fdf
github	www.github.com/advisories/GHSA-rfq8-j7rh-8hf2
github	www.github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2

07 Dec 2024 21:53Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.17.5

CVSS 48.2

EPSS0.01089

SSVC

vulnerability resource allocation memory consumption denial of service attacks