CVE-2018-10657
- Source
- https://cve.org/CVERecord?id=CVE-2018-10657
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10657.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-10657
- Aliases
- Downstream
- Published
- 2018-05-02T16:29:00.233Z
- Modified
- 2026-04-11T17:14:53.695560Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018.
- References
Affected packages
Git / github.com/matrix-org/synapse
Affected ranges
- Type
- GIT
- Repo
- https://github.com/matrix-org/synapse
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
- Database specific
{ "cpe": "cpe:2.3:a:matrix:synapse:*:*:*:*:*:*:*:*", "source": [ "CPE_FIELD", "REFERENCES" ], "extracted_events": [ { "introduced": "0" }, { "fixed": "0.28.1" } ] }
Affected versions
v0.*
v0.10.0
v0.10.0-r1
v0.10.0-r2
v0.11.0
v0.11.0-r1
v0.11.0-r2
v0.11.1
v0.12.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.16.0
v0.16.1
v0.16.1-r1
v0.17.0
v0.17.1
v0.17.2
v0.17.3
v0.18.0
v0.18.1
v0.18.2
v0.18.3
v0.18.4
v0.18.5
v0.2.0
v0.2.1
v0.2.1a
v0.2.2
v0.23.0-rc1
v0.23.0-rc2
v0.25.0-rc1
v0.28.0
v0.28.0-rc1
v0.3.0
v0.3.3
v0.3.4
v0.4.1
v0.4.2
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.3a
v0.5.3b
v0.5.3c
v0.5.4
v0.5.4a
v0.6.0
v0.6.0a
v0.6.0b
v0.6.1
v0.6.1a
v0.6.1b
v0.6.1c
v0.6.1d
v0.6.1e
v0.6.1f
v0.7.0
v0.7.0a
v0.7.0b
v0.7.0c
v0.7.0d
v0.7.0e
v0.7.0f
v0.7.1
v0.7.1-r1
v0.7.1-r2
v0.7.1-r3
v0.7.1-r4
v0.8.0
v0.8.1
v0.8.1-r1
v0.8.1-r2
v0.8.1-r3
v0.8.1-r4
v0.9.0
v0.9.0-r1
v0.9.0-r2
v0.9.0-r3
v0.9.0-r4
v0.9.0-r5
v0.9.1
v0.9.2
v0.9.2-r1
v0.9.2-r2
v0.9.3