MEDIUM🇬🇧 English

CVE-2021-29433

CVSS 4.3v3.1pub. 2021-04-15upd. 2024-11-21

Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 and prior, sissing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. A patch for the vulnerability is in version 2.3.0. No workarounds are known to exist.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  • Matrix Sydent

    APP
    Matrix
    < 2.3.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-38686CRITICAL9.3ten sam produkt

Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to ...

CVE-2021-29430HIGH7.5ten sam produkt

Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP...

CVE-2021-29431HIGH7.7ten sam produkt

Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal syst...

CVE-2019-11842HIGH7.5ten sam produkt

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is...

CVE-2021-29432MEDIUM5.3ten sam produkt

Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails...