vulnerability

Arch Linux: Denial of service (CVE-2021-29471)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	May 11, 2021	Jul 11, 2025	Nov 27, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

May 11, 2021

Added

Jul 11, 2025

Modified

Nov 27, 2025

Description

In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including `event_match`, which matches event content against a pattern including wildcards. Certain patterns can cause very poor performance in the matching engine, leading to a denial-of-service when processing moderate length events. The issue is patched in version 1.33.2. A potential workaround might be to prevent users from making custom push rules, by blocking such requests at a reverse-proxy.

Solution

arch-linux-upgrade-latest

References

CVE-2021-29471
https://attackerkb.com/topics/CVE-2021-29471
URL-https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c
URL-https://github.com/matrix-org/synapse/releases/tag/v1.33.2
URL-https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85
URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY/
URL-https://security.archlinux.org/ASA-202105-19
CWE-400
CWE-331

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today