From 2693b21c47ee8648e75ccbb18aad2b11eca4d27c Mon Sep 17 00:00:00 2001 From: Ashish SHUKLA Date: Wed, 24 Apr 2024 20:49:57 +0000 Subject: security/vuxml: Document matrix-synapse vulnerability --- security/vuxml/vuln/2024.xml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 97d2a1744607..c28463cdfc36 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,34 @@ + + py-matrix-synapse -- weakness in auth chain indexing allows DoS + + + py38-matrix-synapse + py39-matrix-synapse + py310-matrix-synapse + py311-matrix-synapse + 1.105.1 + + + + +

Matrix developers report:

+
Weakness in auth chain indexing allows DoS from remote + room members through disk fill and high CPU usage. (High severity)
+

+ + + + CVE-2024-31208 + https://element.io/blog/security-release-synapse-1-105-1/ + https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v + + + 2024-04-23 + 2024-04-24 + + + Gitlab -- vulnerabilities -- cgit v1.2.3