PT-2023-6464 · Synapse+1

Reivilibre · Published 2023-09-26 · Updated 2024-06-15 · CVE-2023-45129

CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.94.0
Description: A malicious server ACL event can degrade the homeserver's performance temporarily or permanently, leading to a persistent denial of service. Homeservers running on a closed federation are not affected. The underlying weakness is allocation of resources without limits.
Recommendations: For Synapse versions prior to 1.94.0, upgrade to Synapse 1.94.0 or later. As a temporary workaround, rooms containing malicious server ACL events can be purged and blocked using the admin API.
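A defender-side check for the two facts above, added here as an example that is not part of this advisory or of the Synapse project: it decides from the version string reported by the Synapse admin API whether a homeserver is in the affected range, and builds the admin API request for the stated workaround (purge and block a room). The base URL, room ID and access token are placeholders; the request is only constructed, not sent.

```python
import json
import re
from urllib.parse import quote

# Threshold taken from the advisory: Synapse versions prior to 1.94.0 are affected.
FIXED_VERSION = (1, 94, 0)


def parse_synapse_version(version: str) -> tuple:
    """Return (major, minor, patch) from a Synapse version string.

    A leading "v" and pre-release suffixes such as "1.93.0rc1" are ignored, so a
    release candidate is compared as its base release (assumption: the advisory
    only speaks of released versions).
    """
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Synapse version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(server_version: str, closed_federation: bool = False) -> bool:
    """True when the version reported by GET /_synapse/admin/v1/server_version is
    older than the fix release and the homeserver federates openly (the advisory
    states that closed-federation deployments are not affected)."""
    if closed_federation:
        return False
    return parse_synapse_version(server_version) < FIXED_VERSION


def purge_and_block_room_request(base_url: str, room_id: str, admin_token: str) -> dict:
    """Build the admin API call implementing the workaround:
    DELETE /_synapse/admin/v1/rooms/<room_id> with purge=true and block=true.
    The dict can be passed to an HTTP client, e.g. requests.request(**req)."""
    return {
        "method": "DELETE",
        # Room IDs contain "!" and ":", so the path segment is percent-encoded.
        "url": f"{base_url.rstrip('/')}/_synapse/admin/v1/rooms/{quote(room_id, safe='')}",
        "headers": {
            "Authorization": f"Bearer {admin_token}",  # placeholder admin access token
            "Content-Type": "application/json",
        },
        # purge removes the room's events from the database;
        # block prevents local users from joining the room again.
        "data": json.dumps({"purge": True, "block": True}),
    }
```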

Exploit

Fix

DoS

Allocation of Resources Without Limits


Weakness Enumeration

Related identifiers

ALT-PU-2024-3315
BDU:2023-07183
CVE-2023-45129
GHSA-5CHR-WJW5-3GQ4
OPENSUSE-SU-2024:13320-1
PYSEC-2023-199

Affected products

Alt Linux
Synapse