CVE-2018-16515 — Improper Verification of Cryptographic Signature in Synapse

CWE-347 — Improper Verification of Cryptographic Signature8 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 32.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Matrix Synapse Debian Linux

Timeline

PublishedSep 18

Latest updateMay 16

Description

Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDmatrix/synapse< 0.33.3.1

Also affects: Debian Linux 8.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Matrix Synapse Improper Signature Validation↗2022-05-13

▶

OSV

Matrix Synapse Improper Signature Validation↗2022-05-13

▶

CVEList

CVE-2018-16515: Matrix Synapse before 0↗2018-09-18

▶

OSV

CVE-2018-16515: Matrix Synapse before 0↗2018-09-18

▶

📋Vendor Advisories

Ubuntu

Synapse vulnerabilities↗2023-05-16

▶

Debian

CVE-2018-16515: matrix-synapse - Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possi...↗2018

▶

💬Community

Bugzilla

CVE-2018-16515 matrix-synapse: pre-disclosure of critical vulnerability↗2018-09-06

▶