A security issue was found in Synapse before 1.20.0. A denial of service attack against Matrix clients could be performed by sending an event that includes invalid JSON data to Synapse. Synapse would relay the data to clients, which could then crash or hang. The impact is long-lasting if the event is made part of the room state.
https://github.com/matrix-org/synapse/security/advisories/GHSA-4mp3-385r-v63f
https://github.com/matrix-org/synapse/pull/8106
https://github.com/matrix-org/synapse/pull/8106/commits/c88c15b5fcf26940515b0f6398981ea5fab25347
https://github.com/matrix-org/synapse/pull/8106/commits/248d8284fa850289689f9ae87d2c807b58d7a812
https://github.com/matrix-org/synapse/pull/8106/commits/5516ae216d8cfe34b04ad190d8ec3c50bec07835
https://github.com/matrix-org/synapse/pull/8291
https://github.com/matrix-org/synapse/pull/8291/commits/1cad688bda57dcc8f9c09dff30fcbce818a3a20d
https://github.com/matrix-org/synapse/pull/8291/commits/4d654058dec5a77e2d1c50251ac8cd86c2e8e98f
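
The relay problem described above can be closed at the server boundary by parsing and serializing strictly. The following is an added example, not Synapse's code or the fix in the linked pull requests. The advisory does not say which invalid values were involved, so the NaN/Infinity constants (which Python's json module accepts by default), the function names and the sample events are assumptions constructed for illustration.

```python
import json

# Constructed sample event bodies. The last two carry tokens that are not valid
# JSON (RFC 8259 has no NaN/Infinity) but that json.loads accepts by default.
SAMPLE_EVENTS = [
    '{"type": "m.room.message", "content": {"body": "hi"}}',
    '{"type": "m.room.topic", "content": {"topic": "x", "weight": NaN}}',
    '{"type": "m.room.message", "content": {"body": "hi", "n": [1, -Infinity]}}',
]


def _reject_constant(token):
    # The decoder calls this hook for the tokens NaN, Infinity and -Infinity.
    raise ValueError(f"non-standard JSON constant: {token}")


def parse_event_strict(raw):
    """Parse an incoming event body, refusing non-standard constants."""
    return json.loads(raw, parse_constant=_reject_constant)


def serialize_event_strict(event):
    """Serialize for relay; raises ValueError instead of emitting NaN/Infinity."""
    return json.dumps(event, allow_nan=False, separators=(",", ":"))


def triage(raw_events):
    """Return (accepted, rejected); rejected bodies are never relayed to clients."""
    accepted, rejected = [], []
    for raw in raw_events:
        try:
            accepted.append(serialize_event_strict(parse_event_strict(raw)))
        except ValueError as exc:  # also covers json.JSONDecodeError
            rejected.append((raw, str(exc)))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = triage(SAMPLE_EVENTS)
    print(f"relayed {len(ok)}, rejected {len(bad)}")
    for _raw, reason in bad:
        print("rejected:", reason)
```

Checking on both input and output matters here: the serializer guard catches values that entered through a path other than the strict parser.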