vulnerability
FreeBSD: VID-2327234d-fc4b-11ea-adef-641c67a117d8: py-matrix-synapse -- malformed events may prevent users from joining federated rooms
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Sep 21, 2020 | Sep 22, 2020 | Dec 10, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Sep 21, 2020
Added
Sep 22, 2020
Modified
Dec 10, 2025
Description
Problem Description: Affected Synapse versions assume that all events have an "origin" field set. If an event without the "origin" field is sent into a federated room, servers not already joined to the room will be unable to do so due to failing to fetch the malformed event. Impact: An attacker could cause a denial of service by deliberately sending a malformed event into a room, thus preventing new servers (and thus their users) from joining the room.
Solutions
freebsd-upgrade-package-py36-matrix-synapsefreebsd-upgrade-package-py37-matrix-synapsefreebsd-upgrade-package-py38-matrix-synapse
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.