
Denial of service attack due to invalid JSON

High severity GitHub Reviewed Published Nov 23, 2020 in matrix-org/synapse • Updated Feb 1, 2023

Package

pip matrix-synapse (pip)

Affected versions

< 1.20.0

Patched versions

1.20.0

Description

Impact

A denial of service attack against Matrix clients can be exploited by sending an event including invalid JSON data to Synapse. Synapse would relay the data to clients which could crash or hang. Impact is long-lasting if the event is made part of the room state.
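As an added illustration (not part of this advisory or of Synapse's own code), the Python below shows one way such data can slip through: the standard `json.loads` accepts non-standard tokens such as `NaN` and `Infinity` by default, so a server that relays events must reject them explicitly. The strict loader also applies the Matrix canonical-JSON number rules (integers only, within ±(2^53-1)) as an assumed acceptance policy; the page does not itemise which checks the referenced pull requests add, and the sample events are constructed.

```python
import json

# Constructed sample events (not from the advisory). The second carries a
# NaN token, which RFC 8259 forbids but Python's default decoder accepts.
GOOD_EVENT = '{"type":"m.room.message","content":{"msgtype":"m.text","body":"hi"}}'
BAD_EVENT = '{"type":"m.room.message","content":{"msgtype":"m.text","weight":NaN}}'

# Assumed policy: Matrix canonical JSON limits numbers to integers in this range.
MAX_INT = 2**53 - 1


def _reject_constant(name):
    # json.loads calls this for the tokens NaN, Infinity and -Infinity.
    raise ValueError(f"non-standard JSON constant: {name}")


def _check_values(value):
    # Walk the decoded tree and enforce the canonical-JSON value rules.
    if value is None or isinstance(value, (bool, str)):
        return
    if isinstance(value, float):
        raise ValueError("floats are not allowed in canonical JSON")
    if isinstance(value, int):
        if not -MAX_INT <= value <= MAX_INT:
            raise ValueError(f"integer out of range: {value}")
        return
    if isinstance(value, list):
        for item in value:
            _check_values(item)
        return
    if isinstance(value, dict):
        for item in value.values():
            _check_values(item)
        return
    raise ValueError(f"unexpected value type: {type(value).__name__}")


def default_loader_accepts(raw):
    # True when the permissive default decoder parses the text without error.
    try:
        json.loads(raw)
        return True
    except ValueError:
        return False


def is_valid_event(raw):
    # Strict acceptance check: reject non-standard tokens, then validate values.
    try:
        _check_values(json.loads(raw, parse_constant=_reject_constant))
        return True
    except ValueError:  # json.JSONDecodeError is a subclass of ValueError
        return False
```

Rejecting the event at ingest, before it is persisted or relayed, is what keeps it out of the room state that the upgrading notes below warn about.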

Patches

At a minimum #8106 and #8291 must be applied. #7372 and #8124 include additional checks.

Workarounds

There are no known workarounds.

Upgrading notes

If an invalid event was accepted by an earlier Synapse version, it can already be part of the room state, and upgrading Synapse will not remove it. Redacting the invalid event should prevent clients from receiving it.

References

@callahad callahad published to matrix-org/synapse Nov 23, 2020
Published by the National Vulnerability Database Nov 24, 2020
Reviewed Nov 24, 2020
Published to the GitHub Advisory Database Nov 24, 2020
Last updated Feb 1, 2023

Severity

High

EPSS score

0.793%
(82nd percentile)

Weaknesses

CVE ID

CVE-2020-26890

GHSA ID

GHSA-4mp3-385r-v63f

Source code

No known source code

Credits
