CVE-2022-39374

Date: May 26, 2023

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that room. This can be exploited in a way that causes all further messages and state changes sent in that room from the vulnerable homeserver to be rejected. This issue has been patched in version 1.68.0.

Language: Python

Severity Score

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Top Fix

Upgrade Version

Upgrade to version matrix-synapse - 1.68.0rc1

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH
