CVE-2024-52805

Sažetak

Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type.

Reference

https://github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2
https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518
https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

03-12-2024 - 17:15

Objavljeno

03-12-2024 - 17:15