UBUNTU-CVE-2025-30355

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-30355

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-30355.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-30355

Related

CVE-2025-30355

Published

2025-03-27T01:15:00Z

Modified

2025-04-02T17:00:21Z

Summary

[none]

Details

Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available.

References

Affected packages

Ubuntu:Pro:18.04:LTS / matrix-synapse

Package

Name: matrix-synapse
Purl: pkg:deb/ubuntu/matrix-synapse@0.24.0+dfsg-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.19.2+dfsg-6

0.24.0+dfsg-1

0.24.0+dfsg-1ubuntu0.1~esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / matrix-synapse

Package

Name: matrix-synapse
Purl: pkg:deb/ubuntu/matrix-synapse@1.11.0-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.0-1

1.4.0-1

1.5.0-1

1.5.1-1

1.6.0-1

1.6.1-1

1.7.0-2

1.7.1-1

1.7.2-1

1.7.3-1

1.8.0-1

1.9.0-1

1.9.1-1

1.10.0-1

1.10.0-2

1.11.0-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / matrix-synapse

Package

Name: matrix-synapse
Purl: pkg:deb/ubuntu/matrix-synapse@1.53.0-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.39.0-1

1.47.0-2

1.47.1-1

1.48.0-1

1.49.0-1

1.49.2-1

1.50.1-1

1.50.2-1

1.51.0-1

1.52.0-1

1.53.0-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / matrix-synapse

Package

Name: matrix-synapse
Purl: pkg:deb/ubuntu/matrix-synapse@1.100.0-1ubuntu1?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.100.0-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / matrix-synapse

Package

Name: matrix-synapse
Purl: pkg:deb/ubuntu/matrix-synapse@1.100.0-1ubuntu1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.90.0-1

1.100.0-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}