Home > Vulnerability Database > CVE-2024-52791

Mend.io Vulnerability Database

CVE-2024-52791

Good to know:

Date: January 16, 2025

Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and exhaust available memory. This is fixed in MMR v1.3.8. Users are advised to upgrade. For users unable to upgrade; forward proxies can be configured to block requests to unsafe hosts. Alternatively, MMR processes can be configured with memory limits and auto-restart. Running multiple MMR processes concurrently can help ensure a restart does not overly impact users.

Severity Score

5.3

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-52791

Url: https://github.com/t2bot/matrix-media-repo

Url: https://pkg.go.dev/vuln/GO-2025-3398

Url: https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-gp86-q8hg-fpxj

Url: https://github.com/t2bot/matrix-media-repo/releases/tag/v1.3.8

Url: https://www.mend.io/vulnerability-database/CVE-2024-52791

Severity Score

5.3

Weakness Type (CWE)

Memory Allocation with Excessive Size Value

CWE-789

Top Fix

Upgrade Version

Upgrade to version github.com/t2bot/matrix-media-repo - v1.3.8

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-52791

Good to know:

Date: January 16, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?