FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-matrix-synapse -- federation denial of service via malformed events

Affected packages
py310-matrix-synapse < 1.127.1
py311-matrix-synapse < 1.127.1
py38-matrix-synapse < 1.127.1
py39-matrix-synapse < 1.127.1

Details

VuXML ID e9b8e519-0d50-11f0-86d8-901b0e934d69
Discovery 2025-03-26
Entry 2025-03-26

element-hq/synapse developers report:

A malicious server can craft events which, when received, prevent Synapse versions up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild.

References

CVE Name CVE-2025-30355
URL https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6