diff options
author | Erik Johnston <erik@matrix.org> | 2024-04-23 15:24:08 +0100 |
---|---|---|
committer | Erik Johnston <erik@matrix.org> | 2024-04-23 15:25:49 +0100 |
commit | 55b0aa847a61774b6a3acdc4b177a20dc019f01a (patch) | |
tree | 42ac888e03ce3c5a770f66cb8468468591bd8c2c /.github/dependabot.yml | |
parent | 1.105.0 (diff) | |
download | synapse-55b0aa847a61774b6a3acdc4b177a20dc019f01a.tar.xz |
Fix GHSA-3h7q-rfh9-xm4v
Weakness in auth chain indexing allows DoS from remote room members through disk fill and high CPU usage. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.104.1, can dispatch specially crafted events to exploit a weakness in how the auth chain cover index is calculated. This can induce high CPU consumption and accumulate excessive data in the database of such instances, resulting in a denial of service. Servers in private federations, or those that do not federate, are not affected.
Diffstat (limited to '.github/dependabot.yml')
0 files changed, 0 insertions, 0 deletions