DEBIAN-CVE-2021-21274

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2021-21274

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-21274.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2021-21274

Upstream

CVE-2021-21274

Published

2021-02-26T18:15:12Z

Modified

2025-10-18T08:32:55.333936Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the federation_domain_whitelist setting can be used to restrict the homeservers communicated with over federation.

References

https://security-tracker.debian.org/tracker/CVE-2021-21274

Affected packages

Debian:14 / matrix-synapse

Package

Name: matrix-synapse
Purl: pkg:deb/debian/matrix-synapse?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.0-1

Affected versions

0.*

0.19.2+dfsg-3

0.19.2+dfsg-4

0.19.2+dfsg-5

0.19.2+dfsg-6

0.24.0+dfsg-1

0.27.2+dfsg-1

0.28.0+dfsg-1

0.28.0+dfsg-2

0.28.1+dfsg-1

0.29.1+dfsg-1

0.30.0+dfsg-1

0.31.0+dfsg-1

0.31.0+dfsg-2

0.31.1+dfsg-1

0.31.1+dfsg-2

0.31.2+dfsg-1

0.32.2+dfsg-1

0.33.0+dfsg-1

0.33.1+dfsg-1

0.33.2+dfsg-1

0.33.2+dfsg-2

0.33.2+dfsg-3

0.33.3-1

0.33.3-2

0.33.3.1-1

0.33.4-1~bpo9+1

0.33.4-1

0.33.8-1

0.33.9-2~bpo9+1

0.33.9-2

0.34.0~rc2-1

0.34.0-1

0.34.0-2

0.34.0-3~bpo9+1

0.34.0-3~bpo9+2

0.34.0-3

0.34.1.1-1

0.34.1.1-2~bpo9+1

0.34.1.1-2

0.34.1.1-3~bpo9+1

0.34.1.1-3~bpo9+2

0.34.1.1-3

0.34.1.1-4

0.99.0-1~bpo9+1

0.99.0-1~bpo9+2

0.99.0-1~bpo9+3

0.99.0-1

0.99.1.1-1

0.99.2-1~bpo9+1

0.99.2-1~bpo9+2

0.99.2-1

0.99.2-2

0.99.2-3

0.99.2-4

0.99.2-5~bpo9+1

0.99.2-5

0.99.2-6

0.99.3.2-1

0.99.5.1-1

0.99.5.2-1

1.*

1.0.0-1

1.0.0-2~bpo10+1

1.0.0-2

1.1.0-1

1.2.1-1~bpo10+1

1.2.1-1~bpo10+2

1.2.1-1

1.2.1-2

1.3.0-1~bpo10+1

1.3.0-1

1.4.0~rc1-1

1.4.0-1

1.5.0~rc1-1

1.5.0-1

1.5.1-1~bpo10+1

1.5.1-1

1.6.0-1

1.6.1-1~bpo10+1

1.6.1-1

1.7.0-1

1.7.0-2

1.7.1-1

1.7.2-1~bpo10+1

1.7.2-1

1.7.3-1~bpo10+1

1.7.3-1

1.8.0-1

1.9.0-1~bpo10+1

1.9.0-1

1.9.1-1~bpo10+1

1.9.1-1

1.10.0-1

1.10.0-2

1.11.0-1

1.11.1-1~bpo10+1

1.11.1-1

1.12.0-1~bpo10+1

1.12.0-1

1.12.3-1~bpo10+1

1.12.3-1

1.12.4-1~bpo10+1

1.12.4-1

1.13.0-1~bpo10+1

1.13.0-1

1.15.0-1

1.15.1-1~bpo10+1

1.15.1-1~bpo10+2

1.15.1-1

1.15.2-1

1.16.0-1

1.17.0-1~bpo10+1

1.17.0-1

1.18.0-1~bpo10+1

1.18.0-1

1.19.0-1~bpo10+1

1.19.0-1

1.19.1-1~bpo10+1

1.19.1-1~bpo10+2

1.19.1-1~bpo10+3

1.19.1-1

1.19.2-1

1.19.3-1

1.20.0-1

1.20.1-1~bpo10+1

1.20.1-1

1.21.1-1

1.21.2-1~bpo10+1

1.21.2-1

1.22.1-1~bpo10+1

1.22.1-1

1.22.1-2~bpo10+1

1.22.1-2

1.23.0-1~bpo10+1

1.23.0-1

1.24.0-1~bpo10+1

1.24.0-1

1.24.0-2

1.25.0-1~bpo10+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}