Disk Fill Attack Vulnerability in Synapse Open-Source Matrix Homeserver
CVE-2024-37302

Currently unrated

Key Information:

Vendor: Element
Status: Vendor
CVE Published: 3 December 2024

What is CVE-2024-37302?

Synapse, an open-source Matrix homeserver, is susceptible to a disk fill attack in versions prior to 1.106. This vulnerability allows unauthenticated attackers to compel Synapse to download and cache excessive amounts of remote media, overwhelming system resources. The default rate limiting strategy fails to effectively prevent this, potentially resulting in a denial of service. This may manifest as limited media upload/download capabilities or complete unavailability of the Synapse service, contingent on deployment configurations. While version 1.106 implements a 'leaky bucket' rate limiting mechanism for remote media downloads, it does not entirely resolve the issue, merely constraining the volume of data an unauthenticated user can request.


Timeline

  • Vulnerability published