Matrix Synapse Improper Signature Validation

GHSA-fmvh-rvq5-hhjx · CVE-2018-16515

Published May 13, 2022 · Modified Nov 8, 2023

Description

Matrix Synapse before 0.33.3.1 and 0.33.2.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-16515
WEB https://github.com/matrix-org/synapse/issues/3796#event-1833126269
WEB https://github.com/matrix-org/synapse/commit/5bf8bc79ebc22c61968f2eb487714813fccbdb9b
WEB https://github.com/matrix-org/synapse/commit/804dd41e18c449e711e443398b95c9f6c68b6fa2
WEB https://github.com/matrix-org/synapse/commit/a5a0bf5cf71caed3c4e3677d2bce667c147dadfc
WEB https://github.com/matrix-org/synapse/commit/c127c8d0421f0228a46ebbe280c9537e8d8ea42b
PACKAGE https://github.com/matrix-org/synapse
WEB https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IRW7YR2H3ASUSYX4AO4KMY3FNVDNYW3P
WEB https://matrix.org/blog/2018/09/06/critical-security-update-synapse-0-33-3-1

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes