CVE-2018-10657

Published: May 2, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://matrix.org/blog/2018/05/01/security-update-synapse-0-28-1/

x_refsource_CONFIRM

https://github.com/matrix-org/synapse/commit/33f469ba19586bbafa0cf2c7d7c35463bdab87eb

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-10657

Description

Affected Products

References