QwikSec

Security Database

CVE

CWE

Training

CVE-2024-52805

Published: Dec 3, 2024

Modified: Dec 3, 2024

PUBLISHED

Description

Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type.

Vendor	Product	Versions
element-hq	synapse	affected `< 1.120.1`

Weaknesses (CWE)

References

https://github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2

x_refsource_CONFIRM

https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518

x_refsource_MISC

https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.