vulnerability

FreeBSD: VID-278561d7-b261-11eb-b788-901b0e934d69 (CVE-2021-29471): py-matrix-synapse -- malicious push rules may be used for a denial of service attack.

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	May 11, 2021	Nov 4, 2022	Dec 10, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

May 11, 2021

Added

Nov 4, 2022

Modified

Dec 10, 2025

Description

Matrix developers report: "Push rules" can specify conditions under which they will match, including event_match, which matches event content against a pattern including wildcards. Certain patterns can cause very poor performance in the matching engine, leading to a denial-of-service when processing moderate length events.

Solutions

freebsd-upgrade-package-py36-matrix-synapsefreebsd-upgrade-package-py37-matrix-synapsefreebsd-upgrade-package-py38-matrix-synapsefreebsd-upgrade-package-py39-matrix-synapse

References

CVE-2021-29471
https://attackerkb.com/topics/CVE-2021-29471
CWE-400
CWE-331

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today