Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint

Impact

Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion.

Patches

The issue is fixed by https://github.com/matrix-org/synapse/pull/9855.

Workarounds

There are no known workarounds.

References

n/a

For more information

If you have any questions or comments about this advisory, email us at [email protected].

Published: May 19, 2021
Updated: Apr 14, 2023
GHSA: GHSA-7h5v-85w9-pq6c
Severity: Medium
Exploit:

No technical information available.

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
matrix-synapse	-	1.33.0

https://github.com/matrix-org/synapse/pull/9855
https://github.com/matrix-org/synapse/security/advisories/GHSA-7h5v-85w9-pq6c