GSD-2021-29430

Vulnerability from gsd - Updated: 2023-12-13 01:23
Details
Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it makes to remote Matrix homeservers. A malicious homeserver could return a very large response, again leading to memory exhaustion and denial of service. This affects any server which accepts registration requests from untrusted clients. This issue has been patched by releases 89071a1, 0523511, f56eee3. As a workaround request sizes can be limited in an HTTP reverse-proxy. There are no known workarounds for the problem with overlarge responses.
Aliases
Aliases
CVE-2021-29430
To clipboard 

{
  "GSD": {
    "alias": "CVE-2021-29430",
    "description": "Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it makes to remote Matrix homeservers. A malicious homeserver could return a very large response, again leading to memory exhaustion and denial of service. This affects any server which accepts registration requests from untrusted clients. This issue has been patched by releases 89071a1, 0523511, f56eee3. As a workaround request sizes can be limited in an HTTP reverse-proxy. There are no known workarounds for the problem with overlarge responses.",
    "id": "GSD-2021-29430"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-29430"
      ],
      "details": "Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it makes to remote Matrix homeservers. A malicious homeserver could return a very large response, again leading to memory exhaustion and denial of service. This affects any server which accepts registration requests from untrusted clients. This issue has been patched by releases 89071a1, 0523511, f56eee3. As a workaround request sizes can be limited in an HTTP reverse-proxy. There are no known workarounds for the problem with overlarge responses.",
      "id": "GSD-2021-29430",
      "modified": "2023-12-13T01:23:36.644630Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2021-29430",
        "STATE": "PUBLIC",
        "TITLE": "Denial of service attack via memory exhaustion"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "sydent",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 2.3.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "matrix-org"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it makes to remote Matrix homeservers. A malicious homeserver could return a very large response, again leading to memory exhaustion and denial of service. This affects any server which accepts registration requests from untrusted clients. This issue has been patched by releases 89071a1, 0523511, f56eee3. As a workaround request sizes can be limited in an HTTP reverse-proxy. There are no known workarounds for the problem with overlarge responses."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "{\"CWE-20\":\"Improper Input Validation\"}"
              }
            ]
          },
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-400 Uncontrolled Resource Consumption"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://pypi.org/project/matrix-sydent/",
            "refsource": "MISC",
            "url": "https://pypi.org/project/matrix-sydent/"
          },
          {
            "name": "https://github.com/matrix-org/sydent/security/advisories/GHSA-wmg4-8cp2-hpg9",
            "refsource": "CONFIRM",
            "url": "https://github.com/matrix-org/sydent/security/advisories/GHSA-wmg4-8cp2-hpg9"
          },
          {
            "name": "https://github.com/matrix-org/sydent/commit/89071a1a754c69a50deac89e6bb74002d4cda19d",
            "refsource": "MISC",
            "url": "https://github.com/matrix-org/sydent/commit/89071a1a754c69a50deac89e6bb74002d4cda19d"
          },
          {
            "name": "https://github.com/matrix-org/sydent/commit/0523511d2fb40f2738f8a8549868f44b96e5dab7",
            "refsource": "MISC",
            "url": "https://github.com/matrix-org/sydent/commit/0523511d2fb40f2738f8a8549868f44b96e5dab7"
          },
          {
            "name": "https://github.com/matrix-org/sydent/commit/f56eee315b6c44fdd9f6aa785cc2ec744a594428",
            "refsource": "MISC",
            "url": "https://github.com/matrix-org/sydent/commit/f56eee315b6c44fdd9f6aa785cc2ec744a594428"
          },
          {
            "name": "https://github.com/matrix-org/sydent/releases/tag/v2.3.0",
            "refsource": "MISC",
            "url": "https://github.com/matrix-org/sydent/releases/tag/v2.3.0"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-wmg4-8cp2-hpg9",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c2.3.0",
          "affected_versions": "All versions before 2.3.0",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-20",
            "CWE-400",
            "CWE-937"
          ],
          "date": "2021-04-19",
          "description": "Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it makes to remote Matrix homeservers. A malicious homeserver could return a very large response, again leading to memory exhaustion and denial of service. This affects any server which accepts registration requests from untrusted clients. This issue has been patched by releases a1, f56eee3. As a workaround request sizes can be limited in an HTTP reverse-proxy. There are no known workarounds for the problem with overlarge responses.",
          "fixed_versions": [
            "2.3.0"
          ],
          "identifier": "CVE-2021-29430",
          "identifiers": [
            "GHSA-wmg4-8cp2-hpg9",
            "CVE-2021-29430"
          ],
          "not_impacted": "All versions starting from 2.3.0",
          "package_slug": "pypi/matrix-sydent",
          "pubdate": "2021-04-19",
          "solution": "Upgrade to version 2.3.0 or above.",
          "title": "Uncontrolled Resource Consumption",
          "urls": [
            "https://github.com/matrix-org/sydent/security/advisories/GHSA-wmg4-8cp2-hpg9",
            "https://pypi.org/project/matrix-sydent/",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-29430",
            "https://github.com/matrix-org/sydent/commit/0523511d2fb40f2738f8a8549868f44b96e5dab7",
            "https://github.com/matrix-org/sydent/commit/89071a1a754c69a50deac89e6bb74002d4cda19d",
            "https://github.com/matrix-org/sydent/commit/f56eee315b6c44fdd9f6aa785cc2ec744a594428",
            "https://github.com/matrix-org/sydent/releases/tag/v2.3.0",
            "https://github.com/advisories/GHSA-wmg4-8cp2-hpg9"
          ],
          "uuid": "41faaeda-1d93-479d-80df-395a36f786ef"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:matrix:sydent:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-29430"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it makes to remote Matrix homeservers. A malicious homeserver could return a very large response, again leading to memory exhaustion and denial of service. This affects any server which accepts registration requests from untrusted clients. This issue has been patched by releases 89071a1, 0523511, f56eee3. As a workaround request sizes can be limited in an HTTP reverse-proxy. There are no known workarounds for the problem with overlarge responses."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-770"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/matrix-org/sydent/commit/0523511d2fb40f2738f8a8549868f44b96e5dab7",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/matrix-org/sydent/commit/0523511d2fb40f2738f8a8549868f44b96e5dab7"
            },
            {
              "name": "https://github.com/matrix-org/sydent/commit/89071a1a754c69a50deac89e6bb74002d4cda19d",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/matrix-org/sydent/commit/89071a1a754c69a50deac89e6bb74002d4cda19d"
            },
            {
              "name": "https://github.com/matrix-org/sydent/commit/f56eee315b6c44fdd9f6aa785cc2ec744a594428",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/matrix-org/sydent/commit/f56eee315b6c44fdd9f6aa785cc2ec744a594428"
            },
            {
              "name": "https://github.com/matrix-org/sydent/security/advisories/GHSA-wmg4-8cp2-hpg9",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/matrix-org/sydent/security/advisories/GHSA-wmg4-8cp2-hpg9"
            },
            {
              "name": "https://pypi.org/project/matrix-sydent/",
              "refsource": "MISC",
              "tags": [
                "Product",
                "Third Party Advisory"
              ],
              "url": "https://pypi.org/project/matrix-sydent/"
            },
            {
              "name": "https://github.com/matrix-org/sydent/releases/tag/v2.3.0",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://github.com/matrix-org/sydent/releases/tag/v2.3.0"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-08-03T10:13Z",
      "publishedDate": "2021-04-15T21:15Z"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.