CVE-2021-29430

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-29430
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29430.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-29430
Aliases
Related
Published
2021-04-15T21:15:17Z
Modified
2025-01-15T01:48:40.396987Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

Sydent is a reference Matrix identity server. Unpatched versions do not limit the size of the HTTP request bodies they accept from clients: a malicious user can send a request with a very large body and exhaust the server's memory, causing a denial of service. Sydent also does not limit the size of the responses to the requests it makes to remote Matrix homeservers, so a malicious homeserver can return an oversized response with the same effect. Any deployment that accepts registration requests from untrusted clients is affected. The issue is fixed by commits 89071a1, 0523511 and f56eee3. As a workaround, request body sizes can be capped in an HTTP reverse proxy in front of Sydent; this only covers the inbound case, and there is no known workaround for oversized responses from remote homeservers.
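The two memory-exhaustion paths described above, shown side by side with their bounded counterparts, as an added example. This is not Sydent's code and does not reproduce the fix commits; it is a plain-Python illustration that assumes its own size limits, error codes and a constructed FakeStream peer. The point it makes that the advisory only implies: a Content-Length check alone is not enough, because the header may be missing (chunked encoding) or false, so the cap has to be enforced while the bytes are being read, on both the request and the response side.

```python
"""Bounded HTTP body handling for a Matrix identity server.

Added example for this advisory; not Sydent's code and not the fix commits.
It shows the two patterns the advisory calls for: refusing oversized request
bodies from clients, and capping how much of a remote homeserver's response
is ever buffered. Limits, error codes and FakeStream are assumptions of this
example, not Sydent identifiers.
"""
import io
import json

MAX_REQUEST_BYTES = 64 * 1024     # assumed cap for client registration bodies
MAX_RESPONSE_BYTES = 256 * 1024   # assumed cap for homeserver responses
CHUNK = 8192


class BodyTooLarge(Exception):
    """Raised as soon as a body exceeds its cap; nothing larger is ever held."""


def read_bounded(stream, max_bytes, chunk=CHUNK):
    """Read a binary stream, aborting once more than max_bytes have arrived.

    Peak allocation is at most max_bytes + chunk whatever the peer sends, so
    neither a huge Content-Length nor a never-ending chunked body can exhaust
    memory. Only bytes already counted are trusted, never the peer's headers.
    """
    buf = bytearray()
    while True:
        piece = stream.read(chunk)
        if not piece:
            return bytes(buf)
        buf += piece
        if len(buf) > max_bytes:
            raise BodyTooLarge(f"body exceeded {max_bytes} bytes")


def read_unbounded(stream):
    """The vulnerable pattern: buffer everything the peer chooses to send."""
    return stream.read()


def handle_register_request(headers, body_stream, max_bytes=MAX_REQUEST_BYTES):
    """Inbound path: (status, payload) for a JSON registration request.

    A declared Content-Length above the cap is refused before any body bytes
    are read. The body is still read through read_bounded, because the header
    may be absent (chunked transfer encoding) or simply lie.
    """
    too_large = (413, {"errcode": "M_TOO_LARGE", "error": "request body too large"})
    declared = headers.get("content-length")
    if declared is not None:
        if not declared.isdigit():
            return 400, {"errcode": "M_UNKNOWN", "error": "bad Content-Length"}
        if int(declared) > max_bytes:
            return too_large
    try:
        raw = read_bounded(body_stream, max_bytes)
    except BodyTooLarge:
        return too_large
    try:
        body = json.loads(raw)
    except ValueError:
        return 400, {"errcode": "M_NOT_JSON", "error": "body is not valid JSON"}
    if not isinstance(body, dict):
        return 400, {"errcode": "M_BAD_JSON", "error": "expected a JSON object"}
    return 200, {"fields": sorted(body)}


def parse_homeserver_response(response_stream, max_bytes=MAX_RESPONSE_BYTES):
    """Outbound path: decode a remote homeserver's JSON reply under a size cap.

    The remote side controls the whole response, so the cap is enforced while
    streaming rather than by trusting its Content-Length. Returns None when the
    reply is oversized or not JSON; callers treat that as a failed lookup.
    """
    try:
        raw = read_bounded(response_stream, max_bytes)
    except BodyTooLarge:
        return None
    try:
        return json.loads(raw)
    except ValueError:
        return None


class FakeStream:
    """Constructed stand-in for a peer connection (test fixture, not real I/O).

    With data it behaves like a finite body. With data=None it never stops
    sending, like a chunked body with no final chunk: read_bounded() gives up
    after max_bytes, while read_unbounded() would never return.
    """

    def __init__(self, data=None):
        self.buf = io.BytesIO(data) if data is not None else None

    def read(self, n=-1):
        if self.buf is not None:
            return self.buf.read(n)
        return b"A" * (CHUNK if n < 0 else n)


if __name__ == "__main__":
    print(handle_register_request({}, FakeStream(b'{"email": "alice@example.org"}')))
    print(handle_register_request({"content-length": str(50 * 1024 * 1024)}, FakeStream(b"")))
    print(handle_register_request({}, FakeStream()))          # endless chunked body
    print(parse_homeserver_response(FakeStream(b'{"ok": true}')))
    print(parse_homeserver_response(FakeStream()))            # endless homeserver reply
```

The inbound cap is the part a reverse proxy can enforce for you (nginx's `client_max_body_size`, for instance), which is why the advisory offers that as a workaround. The outbound cap has to live inside the identity server's own HTTP client, in whatever consumes the response body, because no proxy sits between Sydent and the homeservers it calls; that is why the advisory lists no workaround for the response-size problem.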

References

Affected packages

Git / github.com/matrix-org/sydent

Affected ranges

Type
GIT
Repo
https://github.com/matrix-org/sydent
Events

Affected versions

Other

fosdem_2021-01-15

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3

v2.*

v2.0.0
v2.0.1
v2.1.0
v2.2.0