CVE-2020-26890 - log back

CVE-2020-26890 edited at 24 Nov 2020 20:26:45
Description
- A security issue was found in Synapse before 1.20.0. A denial of service attack against Matrix clients could be performed by sending an event including invalid JSON data to Synapse. Synapse would relay the data to clients which could crash or hang. Impact is long-lasting if the event is made part of the room state.
+ Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the room's state, the impact is long-lasting and is not fixed by an upgrade to a newer version, requiring the event to be manually redacted instead. Since events are replicated to servers of other room members, the impact is not constrained to the server of the event sender.
CVE-2020-26890 edited at 23 Nov 2020 18:54:53
Description
- A denial of service attack against Matrix clients can be exploited by sending an event including invalid JSON data to Synapse. Synapse would relay the data to clients which could crash or hang. Impact is long-lasting if the event is made part of the room state.
+ A security issue was found in Synapse before 1.20.0. A denial of service attack against Matrix clients could be performed by sending an event including invalid JSON data to Synapse. Synapse would relay the data to clients which could crash or hang. Impact is long-lasting if the event is made part of the room state.
CVE-2020-26890 edited at 23 Nov 2020 18:51:55
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A denial of service attack against Matrix clients can be exploited by sending an event including invalid JSON data to Synapse. Synapse would relay the data to clients which could crash or hang. Impact is long-lasting if the event is made part of the room state.
References
+ https://github.com/matrix-org/synapse/security/advisories/GHSA-4mp3-385r-v63f
+ https://github.com/matrix-org/synapse/pull/8106
+ https://github.com/matrix-org/synapse/pull/8106/commits/c88c15b5fcf26940515b0f6398981ea5fab25347
+ https://github.com/matrix-org/synapse/pull/8106/commits/248d8284fa850289689f9ae87d2c807b58d7a812
+ https://github.com/matrix-org/synapse/pull/8106/commits/5516ae216d8cfe34b04ad190d8ec3c50bec07835
+ https://github.com/matrix-org/synapse/pull/8291
+ https://github.com/matrix-org/synapse/pull/8291/commits/1cad688bda57dcc8f9c09dff30fcbce818a3a20d
+ https://github.com/matrix-org/synapse/pull/8291/commits/4d654058dec5a77e2d1c50251ac8cd86c2e8e98f
Notes
CVE-2020-26890 created at 23 Nov 2020 18:47:20