Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint
Moderate severity • GitHub Reviewed • Published May 11, 2021 in matrix-org/synapse • Updated Jan 9, 2023
Reviewed: May 19, 2021
Published to the GitHub Advisory Database: May 19, 2021
Last updated: Jan 9, 2023
Description
Impact
Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory, leading to resource exhaustion.
Patches
The issue is fixed by matrix-org/synapse#9855.
Workarounds
There are no known workarounds.
References
n/a
For more information
If you have any questions or comments about this advisory, email us at security@matrix.org.