Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint

GHSA-7h5v-85w9-pq6c

Published May 19, 2021 · Modified Dec 2, 2024

Description

Impact

Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion.

Patches

The issue is fixed by https://github.com/matrix-org/synapse/pull/9855.

Workarounds

There are no known workarounds.

References

n/a

For more information

If you have any questions or comments about this advisory, email us at security@matrix.org.

References

WEB https://github.com/matrix-org/synapse/security/advisories/GHSA-7h5v-85w9-pq6c
WEB https://github.com/matrix-org/synapse/pull/9855

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes