CVE-2023-45129
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-45129
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-45129.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-45129
- Aliases
- Related
- Published
- 2023-10-10T18:15:19Z
- Modified
- 2024-10-16T17:50:46.063245Z
- Severity
-
- 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. Server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API.
- References
-
- https://github.com/matrix-org/synapse/pull/16360
- https://github.com/matrix-org/synapse/security/advisories/GHSA-5chr-wjw5-3gq4
- https://security.gentoo.org/glsa/202401-12
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEVRB4MG5UXQ5RLZHSUJXM5GWEBYYS5B/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRO4MPQ6HOXIUZM6RJP6VTCTMV7RD2T3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY/
- https://matrix-org.github.io/synapse/latest/admin_api/rooms.html#version-2-new-version
- https://security-tracker.debian.org/tracker/CVE-2023-45129
Affected packages
Debian:13 / matrix-synapse
Package
- Name
- matrix-synapse
- Purl
- pkg:deb/debian/matrix-synapse?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.94.0-1
Affected versions
0.*
0.19.2+dfsg-3
0.19.2+dfsg-4
0.19.2+dfsg-5
0.19.2+dfsg-6
0.24.0+dfsg-1
0.27.2+dfsg-1
0.28.0+dfsg-1
0.28.0+dfsg-2
0.28.1+dfsg-1
0.29.1+dfsg-1
0.30.0+dfsg-1
0.31.0+dfsg-1
0.31.0+dfsg-2
0.31.1+dfsg-1
0.31.1+dfsg-2
0.31.2+dfsg-1
0.32.2+dfsg-1
0.33.0+dfsg-1
0.33.1+dfsg-1
0.33.2+dfsg-1
0.33.2+dfsg-2
0.33.2+dfsg-3
0.33.3-1
0.33.3-2
0.33.3.1-1
0.33.4-1~bpo9+1
0.33.4-1
0.33.8-1
0.33.9-2~bpo9+1
0.33.9-2
0.34.0~rc2-1
0.34.0-1
0.34.0-2
0.34.0-3~bpo9+1
0.34.0-3~bpo9+2
0.34.0-3
0.34.1.1-1
0.34.1.1-2~bpo9+1
0.34.1.1-2
0.34.1.1-3~bpo9+1
0.34.1.1-3~bpo9+2
0.34.1.1-3
0.34.1.1-4
0.99.0-1~bpo9+1
0.99.0-1~bpo9+2
0.99.0-1~bpo9+3
0.99.0-1
0.99.1.1-1
0.99.2-1~bpo9+1
0.99.2-1~bpo9+2
0.99.2-1
0.99.2-2
0.99.2-3
0.99.2-4
0.99.2-5~bpo9+1
0.99.2-5
0.99.2-6
0.99.3.2-1
0.99.5.1-1
0.99.5.2-1
1.*
1.0.0-1
1.0.0-2~bpo10+1
1.0.0-2
1.1.0-1
1.2.1-1~bpo10+1
1.2.1-1~bpo10+2
1.2.1-1
1.2.1-2
1.3.0-1~bpo10+1
1.3.0-1
1.4.0~rc1-1
1.4.0-1
1.5.0~rc1-1
1.5.0-1
1.5.1-1~bpo10+1
1.5.1-1
1.6.0-1
1.6.1-1~bpo10+1
1.6.1-1
1.7.0-1
1.7.0-2
1.7.1-1
1.7.2-1~bpo10+1
1.7.2-1
1.7.3-1~bpo10+1
1.7.3-1
1.8.0-1
1.9.0-1~bpo10+1
1.9.0-1
1.9.1-1~bpo10+1
1.9.1-1
1.10.0-1
1.10.0-2
1.11.0-1
1.11.1-1~bpo10+1
1.11.1-1
1.12.0-1~bpo10+1
1.12.0-1
1.12.3-1~bpo10+1
1.12.3-1
1.12.4-1~bpo10+1
1.12.4-1
1.13.0-1~bpo10+1
1.13.0-1
1.15.0-1
1.15.1-1~bpo10+1
1.15.1-1~bpo10+2
1.15.1-1
1.15.2-1
1.16.0-1
1.17.0-1~bpo10+1
1.17.0-1
1.18.0-1~bpo10+1
1.18.0-1
1.19.0-1~bpo10+1
1.19.0-1
1.19.1-1~bpo10+1
1.19.1-1~bpo10+2
1.19.1-1~bpo10+3
1.19.1-1
1.19.2-1
1.19.3-1
1.20.0-1
1.20.1-1~bpo10+1
1.20.1-1
1.21.1-1
1.21.2-1~bpo10+1
1.21.2-1
1.22.1-1~bpo10+1
1.22.1-1
1.22.1-2~bpo10+1
1.22.1-2
1.23.0-1~bpo10+1
1.23.0-1
1.24.0-1~bpo10+1
1.24.0-1
1.24.0-2
1.25.0-1~bpo10+1
1.25.0-1
1.25.0-2
1.26.0-1~bpo10+1
1.26.0-1~bpo10+2
1.26.0-1~bpo10+3
1.26.0-1
1.26.0-2
1.26.0-3
1.27.0-1~bpo10+1
1.27.0-1~bpo10+2
1.27.0-1~bpo10+3
1.27.0-1
1.28.0-1~bpo10+1
1.28.0-1~bpo10+2
1.28.0-1
1.29.0-1
1.30.0-1
1.31.0-1
1.31.0-2
1.33.2-1
1.34.0-1
1.35.0-1
1.35.1-1
1.36.0-1
1.37.0-1
1.37.1-1
1.38.0-1
1.38.1-1
1.39.0-1
1.40.0-1~bpo10+1
1.40.0-1~bpo11+1
1.40.0-1
1.41.1-1~bpo10+1
1.41.1-1~bpo11+1
1.41.1-1
1.42.0-1~bpo10+1
1.42.0-1~bpo11+1
1.42.0-1
1.43.0-1~bpo10+1
1.43.0-1~bpo11+1
1.43.0-1
1.44.0-1~bpo10+1
1.44.0-1~bpo11+1
1.44.0-1
1.44.0-2
1.45.0-1
1.45.1-1~bpo10+1
1.45.1-1~bpo11+1
1.45.1-1
1.46.0-1~bpo10+1
1.46.0-1~bpo10+2
1.46.0-1~bpo11+1
1.46.0-1~bpo11+2
1.46.0-1~bpo11+3
1.46.0-1
1.47.0-1
1.47.0-2~bpo10+1
1.47.0-2~bpo11+1
1.47.0-2
1.47.1-1~bpo10+1
1.47.1-1~bpo11+1
1.47.1-1
1.48.0-1~bpo10+1
1.48.0-1~bpo11+1
1.48.0-1
1.49.0-1~bpo10+1
1.49.0-1~bpo10+2
1.49.0-1~bpo10+4
1.49.0-1~bpo11+1
1.49.0-1~bpo11+2
1.49.0-1~bpo11+3
1.49.0-1
1.49.2-1
1.50.0-1
1.50.1-1
1.50.2-1
1.51.0-1~bpo10+1
1.51.0-1~bpo10+2
1.51.0-1~bpo10+3
1.51.0-1~bpo11+1
1.51.0-1~bpo11+2
1.51.0-1
1.52.0-1~bpo10+1
1.52.0-1~bpo11+1
1.52.0-1
1.53.0-1~bpo11+1
1.53.0-1
1.55.0-1~bpo11+1
1.55.0-1
1.55.0-2
1.56.0-1
1.57.1-1~bpo11+1
1.57.1-1
1.59.1-1
1.59.1-2~bpo11+1
1.59.1-2
1.61.0-1~bpo11+1
1.61.0-1~bpo11+2
1.61.0-1~bpo11+3
1.61.0-1
1.61.0-2
1.61.0-3
1.61.1-1
1.63.0-1~bpo11+1
1.63.0-1
1.64.0-1
1.64.0-2
1.64.0-3
1.65.0-1
1.66.0-1~bpo11+1
1.66.0-1
1.66.0-2
1.68.0-1~bpo11+1
1.68.0-1
1.69.0-1~bpo11+1
1.69.0-1
1.70.1-1~bpo11+1
1.70.1-1
1.71.0-1
1.71.0-2~bpo11+1
1.71.0-2
1.72.0-1~bpo11+1
1.72.0-1
1.73.0-1~bpo11+1
1.73.0-1
1.74.0-1~bpo11+1
1.74.0-1~bpo11+2
1.74.0-1
1.77.0-1
1.78.0-1~bpo11+1
1.78.0-1
1.90.0-1
1.91.2-1
1.91.2-2~bpo12+1
1.91.2-2
1.92.0-1
1.92.0-2
1.92.0-3~bpo12+1
1.92.0-3
1.93.0-1
1.94.0-1~bpo12+1