http://bugzilla.opensuse.org/show_bug.cgi?id=1091925

Bug ID: 1091925
Summary: VUL-0: CVE-2018-10657: matrix-synapse: Injection of malicious events with a depth size of 2^63-1 can cause a denial of service
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.3
Hardware: Other
URL: https://smash.suse.de/issue/205180/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: okurz@suse.com
Reporter: jsegitz@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

rh#1574779

Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1574779
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10657
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10657.html
https://matrix.org/blog/2018/05/01/security-update-synapse-0-28-1/
https://github.com/matrix-org/synapse/commit/33f469ba19586bbafa0cf2c7d7c3546...