{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-45129","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2023-10-04T16:02:46.328Z","datePublished":"2023-10-10T17:17:11.146Z","dateUpdated":"2025-02-13T17:13:47.801Z"},"containers":{"cna":{"title":"matrix-synapse vulnerable to denial of service due to malicious server ACL events","problemTypes":[{"descriptions":[{"cweId":"CWE-770","lang":"en","description":"CWE-770: Allocation of Resources Without Limits or Throttling","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":4.9,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}}],"references":[{"name":"https://github.com/matrix-org/synapse/security/advisories/GHSA-5chr-wjw5-3gq4","tags":["x_refsource_CONFIRM"],"url":"https://github.com/matrix-org/synapse/security/advisories/GHSA-5chr-wjw5-3gq4"},{"name":"https://github.com/matrix-org/synapse/pull/16360","tags":["x_refsource_MISC"],"url":"https://github.com/matrix-org/synapse/pull/16360"},{"name":"https://matrix-org.github.io/synapse/latest/admin_api/rooms.html#version-2-new-version","tags":["x_refsource_MISC"],"url":"https://matrix-org.github.io/synapse/latest/admin_api/rooms.html#version-2-new-version"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRO4MPQ6HOXIUZM6RJP6VTCTMV7RD2T3/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEVRB4MG5UXQ5RLZHSUJXM5GWEBYYS5B/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY/"},{"url":"https://security.gentoo.org/glsa/202401-12"}],"
affected":[{"vendor":"matrix-org","product":"synapse","versions":[{"version":"< 1.94.0","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2024-01-07T11:08:07.295Z"},"descriptions":[{"lang":"en","value":"Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently, leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. Server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API."}],"source":{"advisory":"GHSA-5chr-wjw5-3gq4","discovery":"UNKNOWN"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T20:14:19.828Z"},"title":"CVE Program 
Container","references":[{"name":"https://github.com/matrix-org/synapse/security/advisories/GHSA-5chr-wjw5-3gq4","tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/matrix-org/synapse/security/advisories/GHSA-5chr-wjw5-3gq4"},{"name":"https://github.com/matrix-org/synapse/pull/16360","tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/matrix-org/synapse/pull/16360"},{"name":"https://matrix-org.github.io/synapse/latest/admin_api/rooms.html#version-2-new-version","tags":["x_refsource_MISC","x_transferred"],"url":"https://matrix-org.github.io/synapse/latest/admin_api/rooms.html#version-2-new-version"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRO4MPQ6HOXIUZM6RJP6VTCTMV7RD2T3/","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEVRB4MG5UXQ5RLZHSUJXM5GWEBYYS5B/","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY/","tags":["x_transferred"]},{"url":"https://security.gentoo.org/glsa/202401-12","tags":["x_transferred"]}]}]}}