⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2018-10657Improper Input Validation in Synapse

CWE-20Improper Input Validation11 documents8 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 37.13%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Matrix Synapse
Timeline
PublishedMay 2
Latest updateMay 16

Description

Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDmatrix/synapse< 0.28.1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

6
OSV
matrix-synapse vulnerabilities2023-05-16
GHSA
Matrix Synapse DoS2022-05-14
OSV
Matrix Synapse DoS2022-05-14
CVEList
CVE-2018-10657: Matrix Synapse before 02018-05-02
OSV
CVE-2018-10657: Matrix Synapse before 02018-05-02

📋Vendor Advisories

2
Ubuntu
Synapse vulnerabilities2023-05-16
Debian
CVE-2018-10657: matrix-synapse - Matrix Synapse before 0.28.1 is prone to a denial of service flaw where maliciou...2018

💬Community

2
Bugzilla
CVE-2018-10657 matrix-synapse: Injection of malicious events with a depth size of 2^63-1 can cause a denial of service to making rooms unusable [fedora-all]2018-05-04
Bugzilla
CVE-2018-10657 matrix-synapse: Injection of malicious events with a depth size of 2^63-1 can cause a denial of service to making rooms unusable2018-05-04
CVE-2018-10657 — Improper Input Validation in Synapse | cvebase