Matrix Homeserver Vulnerability: High CPU Consumption and Data Exhaustion
CVE-2024-31208

6.5 MEDIUM

Key Information:

Vendor

Element-hq

Status
Vendor
CVE Published: 23 April 2024

Badges

📰 News Worthy

What is CVE-2024-31208?

Synapse, the open-source Matrix homeserver, can be exploited in versions before 1.105.1 by a remote Matrix user who shares a room with the affected instance. By sending specially crafted events, the attacker takes advantage of a flaw in the V2 state resolution algorithm. This leads to increased CPU usage and causes excessive data to accumulate in the database, potentially disrupting service. Systems that do not engage in federated interactions are not impacted. Server administrators are encouraged to upgrade to version 1.105.1 or newer to mitigate this vulnerability. As workarounds, administrators can ban malicious users, apply access controls, or use the admin API to purge affected rooms.

Affected Version(s)

synapse < 1.105.1

News Articles

Meterian: Daily Vulnerabilities

Critical High Medium matrix-synapse CVE-2024-31208 Synapse is an open-source Matrix...

References

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by Meterian

  • Vulnerability published

  • Vulnerability Reserved
