CVE-2018-10657

NameCVE-2018-10657
DescriptionMatrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
matrix-synapse (PTS)trixie1.100.0-1fixed
sid1.103.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
matrix-synapsesource(unstable)0.28.1+dfsg-1

Notes

https://github.com/matrix-org/synapse/commit/33f469ba19586bbafa0cf2c7d7c35463bdab87eb
https://matrix.org/blog/2018/05/01/security-update-synapse-0-28-1/
Search for package or bug name: Reporting problems