Synapse · CVE-2024-31208
**Name of the Vulnerable Software and Affected Versions**
Synapse versions prior to 1.105.1
**Description**
A malicious remote Matrix user who shares a room with a Synapse instance can send specially crafted events that exploit a weakness in the V2 state resolution algorithm. Processing these events causes high CPU consumption and an excessive accumulation of data in the instance's database, resulting in a denial of service. Servers in private federations, or servers that do not federate, are not affected.
**Recommendations**
For versions prior to 1.105.1, server administrators should upgrade to 1.105.1 or later.
As a temporary workaround, administrators can ban the malicious users, add the offending servers to the room's server ACL, and/or leave the room and purge it using the admin API.
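The following script, added here as an illustration and not part of the advisory or of Synapse itself, assembles the four containment requests the workaround describes: ban the user (Matrix client-server API), deny the user's server via the room's `m.room.server_acl` state event, leave the room, and purge it with the Synapse admin "delete room" API. The endpoint paths are the public Matrix and Synapse admin routes; the homeserver URL, access token, room ID, user ID and server name are constructed placeholders. Each request is returned as a `(method, url, body)` tuple so it can be inspected before anything is sent; `--execute` actually sends them.

```python
"""Build (and optionally send) the containment requests from the
CVE-2024-31208 workaround. Added example, not Synapse project code.
Placeholder values below are constructed and must be replaced."""
import json
import sys
import urllib.request
from urllib.parse import quote

# Constructed placeholders (assumptions for this example).
HOMESERVER = "https://synapse.example.org"
ADMIN_TOKEN = "PLACEHOLDER_ADMIN_ACCESS_TOKEN"   # must belong to a server admin
ROOM_ID = "!constructedroom:example.org"
BAD_USER = "@attacker:malicious.example"
BAD_SERVER = "malicious.example"


def _room(room_id: str) -> str:
    # Room IDs contain '!' and ':' and must be percent-encoded in URL paths.
    return quote(room_id, safe="")


def ban_request(hs, room_id, user_id, reason):
    """POST /rooms/{roomId}/ban: bans the user (and removes them if joined).
    Must be issued while our admin user is still a member with ban power."""
    return ("POST", f"{hs}/_matrix/client/v3/rooms/{_room(room_id)}/ban",
            {"user_id": user_id, "reason": reason})


def server_acl_request(hs, room_id, deny, allow=("*",)):
    """PUT the m.room.server_acl state event. Events and federation traffic
    from denied servers are refused for this room. 'allow' must be present
    (an absent allow list denies everyone); allow_ip_literals=False also
    rejects servers identified only by an IP address."""
    content = {"allow": list(allow), "deny": list(deny), "allow_ip_literals": False}
    return ("PUT",
            f"{hs}/_matrix/client/v3/rooms/{_room(room_id)}/state/m.room.server_acl",
            content)


def leave_request(hs, room_id):
    """POST /rooms/{roomId}/leave: our admin user leaves the room."""
    return ("POST", f"{hs}/_matrix/client/v3/rooms/{_room(room_id)}/leave", {})


def purge_request(hs, room_id, block=True):
    """DELETE /_synapse/admin/v1/rooms/{roomId}: removes all local users from
    the room, purges its events from the database (purge=True) and, with
    block=True, prevents local users from joining it again."""
    return ("DELETE", f"{hs}/_synapse/admin/v1/rooms/{_room(room_id)}",
            {"block": block, "purge": True})


def containment_plan(hs, room_id, user_id, server):
    """Ordered requests: ban and ACL first (they need room membership),
    then leave, then purge."""
    return [
        ban_request(hs, room_id, user_id, "CVE-2024-31208 state-resolution abuse"),
        server_acl_request(hs, room_id, deny=[server]),
        leave_request(hs, room_id),
        purge_request(hs, room_id),
    ]


def send(method, url, body, token):
    """Send one request with a bearer token and return the decoded JSON reply."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method=method,
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    for method, url, body in containment_plan(HOMESERVER, ROOM_ID, BAD_USER, BAD_SERVER):
        print(method, url, json.dumps(body))          # dry run: show the request
        if "--execute" in sys.argv:
            print(send(method, url, body, ADMIN_TOKEN))
```

The ban and server ACL requests only succeed while the admin user is still joined with sufficient power level, which is why they precede the leave. For a room that has already accumulated a large amount of state, the v1 delete call may run for a long time; the asynchronous v2 variant of the same admin endpoint (`DELETE /_synapse/admin/v2/rooms/<room_id>`, which returns a `delete_id` to poll) avoids the request timing out. The workaround only limits the damage from a room already under attack; upgrading to 1.105.1 or later is the actual fix.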