CVE-2024-52805

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-52805
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52805.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-52805
Aliases
Downstream
Related
Published
2024-12-03T17:01:50.119Z
Modified
2026-04-10T05:13:18.166829Z
Severity
  • 8.2 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
Synapse allows unsupported content types to lead to memory exhaustion
Details

Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/52xxx/CVE-2024-52805.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-770"
    ]
}
References

Affected packages

Git / github.com/element-hq/synapse

Affected ranges

Type
GIT
Repo
https://github.com/element-hq/synapse
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
fe3d88b833f76742874642c119b14b788341c905
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.120.1"
        }
    ]
}

Affected versions

Other
hhs-1
hhs-2
hhs-3
hhs-5
hhs-6
hhs-7
hhs-8
v0.*
v0.10.0
v0.10.0-r1
v0.10.0-r2
v0.11.0
v0.11.0-r1
v0.11.0-r2
v0.11.1
v0.12.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.16.0
v0.16.1
v0.16.1-r1
v0.17.0
v0.17.1
v0.17.2
v0.17.3
v0.18.0
v0.18.1
v0.18.2
v0.18.3
v0.18.4
v0.18.5
v0.2.0
v0.2.1
v0.2.1a
v0.2.2
v0.23.0-rc1
v0.23.0-rc2
v0.25.0-rc1
v0.28.0-rc1
v0.3.0
v0.3.3
v0.3.4
v0.32.0
v0.32.0rc1
v0.32.2
v0.4.1
v0.4.2
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.3a
v0.5.3b
v0.5.3c
v0.5.4
v0.5.4a
v0.6.0
v0.6.0a
v0.6.0b
v0.6.1
v0.6.1a
v0.6.1b
v0.6.1c
v0.6.1d
v0.6.1e
v0.6.1f
v0.7.0
v0.7.0a
v0.7.0b
v0.7.0c
v0.7.0d
v0.7.0e
v0.7.0f
v0.7.1
v0.7.1-r1
v0.7.1-r2
v0.7.1-r3
v0.7.1-r4
v0.8.0
v0.8.1
v0.8.1-r1
v0.8.1-r2
v0.8.1-r3
v0.8.1-r4
v0.9.0
v0.9.0-r1
v0.9.0-r2
v0.9.0-r3
v0.9.0-r4
v0.9.0-r5
v0.9.1
v0.9.2
v0.9.2-r1
v0.9.2-r2
v0.9.3
v0.99.1rc1
v0.99.2rc1
v0.99.4rc1
v0.99.5.1.dev0
v1.*
v1.1.0rc1
v1.1.0rc2
v1.10.0rc1
v1.100.0rc1
v1.100.0rc2
v1.100.0rc3
v1.101.0rc1
v1.103.0rc1
v1.104.0rc1
v1.105.0rc1
v1.106.0rc1
v1.11.0rc1
v1.111.0rc1
v1.112.0rc1
v1.114.0rc1
v1.115.0rc1
v1.116.0rc1
v1.12.0rc1
v1.120.0
v1.120.0rc1
v1.14.0rc1
v1.15.0rc1
v1.16.0rc1
v1.17.0rc1
v1.18.0rc1
v1.23.0rc1
v1.24.0rc1
v1.27.0rc1
v1.29.0rc1
v1.3.0rc1
v1.30.0rc1
v1.31.0rc1
v1.32.0rc1
v1.34.0rc1
v1.35.0rc1
v1.36.0rc1
v1.4.0rc1
v1.40.0rc1
v1.49.0rc1
v1.5.0rc1
v1.52.0rc1
v1.6.0rc1
v1.62.0rc1
v1.63.0rc1
v1.75.0rc1
v1.76.0rc1
v1.78.0rc1
v1.79.0rc1
v1.8.0rc1
v1.81.0rc1
v1.84.0rc1
v1.87.0rc1
v1.88.0rc1
v1.9.0.dev1
v1.9.0.dev2
v1.9.0rc1
v1.90.0rc1
v1.94.0rc1
v1.95.0rc1
v1.98.0rc1
v1.99.0rc1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52805.json"