CVE-2021-29471 – Denial of service in Matrix Synapse
https://notcve.org/view.php?id=CVE-2021-29471
Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2, "Push rules" can specify conditions under which they will match, including `event_match`, which matches event content against a pattern including wildcards. Certain patterns can cause very poor performance in the matching engine, leading to a denial of service when processing moderate-length events. The issue is patched in version 1.33.2.
• https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c
• https://github.com/matrix-org/synapse/releases/tag/v1.33.2
• https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY
• CWE-331: Insufficient Entropy
• CWE-400: Uncontrolled Resource Consumption
CVE-2021-29453 – Denial of service through memory exhaustion
https://notcve.org/view.php?id=CVE-2021-29453
matrix-media-repo is an open-source multi-domain media repository for Matrix. Versions 1.2.6 and earlier of matrix-media-repo do not properly handle malicious images which are crafted to be small in file size, but large in complexity. A malicious user could upload a relatively small image in terms of file size, using particular image formats, which expands to have extremely large dimensions during the process of thumbnailing. The server can be exhausted of memory in the process of trying to load the whole image into memory for thumbnailing, leading to denial of service. Version 1.2.7 has a fix for the vulnerability.
• https://github.com/turt2live/matrix-media-repo/releases/tag/v1.2.7
• https://github.com/turt2live/matrix-media-repo/security/advisories/GHSA-j889-h476-hh9h
• https://hub.docker.com/r/turt2live/matrix-media-repo/tags?page=1&ordering=last_updated
• CWE-400: Uncontrolled Resource Consumption
• CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2021-29431 – SSRF in Sydent due to missing validation of hostnames
https://notcve.org/view.php?id=CVE-2021-29431
Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perform an internal port enumeration. This issue has been addressed in 9e57334, 8936925, 3d531ed, 0f00412. A potential workaround would be to use a firewall to ensure that Sydent cannot reach internal HTTP resources.
• https://github.com/matrix-org/sydent/commit/0f00412017f25619bc36c264b29ea96808bf310a
• https://github.com/matrix-org/sydent/commit/3d531ed50d2fd41ac387f36d44d3fb2c62dd22d3
• https://github.com/matrix-org/sydent/commit/8936925f561b0c352c2fa922d5097d7245aad00a
• https://github.com/matrix-org/sydent/commit/9e573348d81df8191bbe8c266c01999c9d57cd5f
• https://github.com/matrix-org/sydent/releases/tag/v2.3.0
• https://github.com/matrix-org/sydent/security/advisories/GHSA-9jhm-8m8c-c3f4
• https://pypi.org/project/matrix-sydent
• CWE-20: Improper Input Validation
• CWE-918: Server-Side Request Forgery (SSRF)
CVE-2021-29432 – Malicious users could control the content of invitation emails
https://notcve.org/view.php?id=CVE-2021-29432
Sydent is a reference Matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d.
• https://github.com/matrix-org/sydent/commit/4469d1d42b2b1612b70638224c07e19623039c42
• https://github.com/matrix-org/sydent/releases/tag/v2.3.0
• https://github.com/matrix-org/sydent/security/advisories/GHSA-mh74-4m5g-fcjx
• https://pypi.org/project/matrix-sydent
• CWE-20: Improper Input Validation
CVE-2021-29430 – Denial of service attack via memory exhaustion
https://notcve.org/view.php?id=CVE-2021-29430
Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it makes to remote Matrix homeservers. A malicious homeserver could return a very large response, again leading to memory exhaustion and denial of service.
• https://github.com/matrix-org/sydent/commit/0523511d2fb40f2738f8a8549868f44b96e5dab7
• https://github.com/matrix-org/sydent/commit/89071a1a754c69a50deac89e6bb74002d4cda19d
• https://github.com/matrix-org/sydent/commit/f56eee315b6c44fdd9f6aa785cc2ec744a594428
• https://github.com/matrix-org/sydent/releases/tag/v2.3.0
• https://github.com/matrix-org/sydent/security/advisories/GHSA-wmg4-8cp2-hpg9
• https://pypi.org/project/matrix-sydent
• CWE-20: Improper Input Validation
• CWE-400: Uncontrolled Resource Consumption
• CWE-770: Allocation of Resources Without Limits or Throttling