CVE-2018-10657
Published 2018-05-02
Severity: High, 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploited in the wild (ITW)
Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | matrix-synapse | < matrix-synapse 0.28.1+dfsg-1 (forky) | matrix-synapse 0.28.1+dfsg-1 (forky) |
| matrix | synapse | < 0.28.1 | 0.28.1 |
CVSS provenance
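| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | | 7.5 | HIGH | |
| vulncheck | | 7.5 | HIGH | |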