CVE-2024-52805 — HIGH (7.5)

Q: How severe is CVE-2024-52805?

CVE-2024-52805 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-52805?

Check the references section above for vendor advisories and patch information. Affected products include: Matrix Synapse.

Vulnerability Description

Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Matrix	Synapse	< 1.120.1

Related Weaknesses (CWE)

CWE-770

References

https://github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2Vendor Advisory
https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518Issue Tracking
https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609Issue Tracking

FAQ

What is CVE-2024-52805?

CVE-2024-52805 is a vulnerability with a CVSS score of 7.5 (HIGH). Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while ...

How severe is CVE-2024-52805?

CVE-2024-52805 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-52805?

Check the references section above for vendor advisories and patch information. Affected products include: Matrix Synapse.