Richvdh

**Name of the Vulnerable Software and Affected Versions** matrix-rust-sdk versions 0.8.0 through 0.11.0 **Description** The issue arises from the failure to correctly validate the sender of an encrypted event in the matrix-sdk-crypto component. This allows a malicious homeserver operator to modify events served to clients, making those events appear to the recipient as if they were sent by another user. **Recommendations** For versions 0.8.0 through 0.11.0, update to version 0.11.1 or 0.12.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Synapse versions up to and including 1.61.0 **Description** The issue arises from the incorrect application of event authorization rules as specified in the Matrix specification, potentially causing divergence in room state between servers. An attacker could craft events that would be accepted by Synapse but not by a spec-conformant server. **Recommendations** For Synapse versions up to and including 1.61.0, upgrade to version 1.62.0 or higher. As a temporary workaround, consider disabling federation by setting `federation domain whitelist` to an empty list (`[]`).

Name of the Vulnerable Software and Affected Versions: Sydent versions prior to the versions including fixes 9e57334, 8936925, 3d531ed, 0f00412 Description: The issue allows Sydent to be induced to send HTTP GET requests to internal systems due to a lack of parameter validation or IP address blacklisting. Although it is not possible to exfiltrate data or control request headers, the attack might be used to perform an internal port enumeration. Recommendations: For versions prior to the fixed versions, update to a version that includes the fixes 9e57334, 8936925, 3d531ed, 0f00412 to resolve the issue. As a temporary workaround, consider configuring a firewall to prevent Sydent from reaching internal HTTP resources.

Name of the Vulnerable Software and Affected Versions: Sydent versions prior to 89071a1, 0523511, f56eee3 Description: Sydent is a reference Matrix identity server that does not limit the size of requests it receives from HTTP clients, allowing a malicious user to send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Additionally, Sydent does not limit response size for requests it makes to remote Matrix homeservers, which could lead to memory exhaustion and denial of service if a malicious homeserver returns a very large response. This issue affects any server that accepts registration requests from untrusted clients. Recommendations: For versions prior to 89071a1, 0523511, f56eee3, update to one of these releases to resolve the issue. As a temporary workaround, consider limiting request sizes in an HTTP reverse-proxy to minimize the risk of exploitation. Note: There are no known workarounds for the problem with overlarge responses from remote Matrix homeservers.

Name of the Vulnerable Software and Affected Versions: Sydent versions prior to 4469d1d Description: A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address, potentially constructing plausible phishing emails. Recommendations: For versions prior to 4469d1d, update to a version that includes the fixes, such as 4469d1d, 6b405a8, or 65a6e91. Note that if the default email templates have been locally modified, they must also be updated to prevent exploitation. As a temporary workaround, consider restricting access to the email functionality in Sydent until the update can be applied.

Name of the Vulnerable Software and Affected Versions: Sydent versions 2.2.0 and prior Description: The issue is related to missing input validation of some parameters on the endpoints used to confirm third-party identifiers, which could cause excessive use of disk space and memory leading to resource exhaustion. Recommendations: For Sydent versions 2.2.0 and prior, update to version 2.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the endpoints used to confirm third-party identifiers until a patch is applied. Avoid using parameters that are not properly validated on these endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Synapse versions prior to 1.33.2 **Description** The issue is related to uncontrolled resource consumption in Synapse's push rules. It allows a remote attacker to cause a denial-of-service. The problem arises when certain patterns, including wildcards, are used in the `event match` condition, leading to poor performance in the matching engine when processing moderate length events. **Recommendations** For versions prior to 1.33.2, update to version 1.33.2 to resolve the issue. As a temporary workaround, consider preventing users from making custom push rules by blocking such requests at a reverse-proxy.

**Name of the Vulnerable Software and Affected Versions** Synapse versions prior to 1.28.0 **Description** The issue is related to missing input validation of some parameters on the endpoints used to confirm third-party identifiers, which could cause excessive use of disk space and memory leading to resource exhaustion. This affects the groups feature, also known as communities, which is not part of the Matrix specification. The chosen maximum lengths are arbitrary, and not all clients might abide by them. **Recommendations** For versions prior to 1.28.0, consider disabling the groups feature by setting `enable group creation` to `False` to mitigate this issue. Note that the groups feature is disabled by default. At the moment, there is no information about a newer version that contains a fix for this vulnerability, but it is fixed by updating to version 1.28.0 or later.

**Name of the Vulnerable Software and Affected Versions** Synapse versions prior to 1.28.0 **Description** The issue affects Synapse, a Matrix reference homeserver written in python, where requests to user-provided domains were not restricted to external IP addresses when transitional IPv6 addresses were used. This could cause Synapse to make requests to internal infrastructure on dual-stack networks, affecting outbound requests to federation, identity servers, key validity calculations for third-party invite events, push notifications, and URL previews. **Recommendations** For Synapse versions prior to 1.28.0, update to version 1.28.0 or later to resolve the issue. As a temporary workaround, consider blocking outbound requests to the following address ranges by a firewall, if unused for internal communication between systems: `::ffff/80`, `::0000/80`, and `2002::/16`.

**Name of the Vulnerable Software and Affected Versions** Synapse versions prior to 1.28.0 **Description** The issue is caused by missing input validation of some parameters on the endpoints used to confirm third-party identifiers, which could lead to excessive use of disk space and memory, resulting in resource exhaustion. The affected endpoints include "/ matrix/client/(r0|unstable)/register/email", "/ matrix/client/(r0|unstable)/register/msisdn", "/ matrix/client/(r0|unstable)/account/password", and "/ matrix/client/(r0|unstable)/account/3pid". **Recommendations** For versions prior to 1.28.0, consider the following workarounds: 1. Disable using email as third-party identifiers by not configuring the `email` setting. 2. Disable using phone numbers as third-party identifiers by ensuring that `account threepid delegates.msisdn` is not configured. 3. Block the affected endpoint patterns at a reverse proxy, including "^/ matrix/client/(r0|unstable)/register/email", "^/ matrix/client/(r0|unstable)/register/msisdn", "^/ matrix/client/(r0|unstable)/account/password", and "^/ matrix/client/(r0|unstable)/account/3pid". Update to version 1.28.0 or later to fix the issue.

**Name of the Vulnerable Software and Affected Versions** Matrix Synapse versions prior to 0.33.3.1 Matrix Synapse version 0.33.2.1 **Description** The issue allows remote attackers to spoof events and possibly have other impacts by leveraging improper transaction and event signature validation. **Recommendations** For Matrix Synapse versions prior to 0.33.3.1, update to version 0.33.3.1 or later. For Matrix Synapse version 0.33.2.1, update to version 0.33.3.1 or later.