Resource exhaustion in Element-hq Synapse

CVE-2024-52805

Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be us…

EPSS: 0.011 (78.3th percentile) — read the EPSS interpretation.

Affected products

Element-hq Synapse — versions < 1.120.1

Weakness classification (CWE)

CWE-770 — Allocation of Resources Without Limits or Throttling

References

https://github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2 (x_refsource_CONFIRM)
https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518 (x_refsource_MISC)
https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609 (x_refsource_MISC)