CVE-2021-21274

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:matrix:synapse:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Information

Published : 2021-02-26 10:15

Updated : 2022-10-24 13:49


NVD link : CVE-2021-21274

Mitre link : CVE-2021-21274


JSON object : View

CWE
CWE-770

Allocation of Resources Without Limits or Throttling

Advertisement

dedicated server usa

Products Affected

matrix

  • synapse

fedoraproject

  • fedora