MEDIUM

GHSA-7h5v-85w9-pq6c

Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint

Details

### Impact Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion.

### Patches The issue is fixed by https://github.com/matrix-org/synapse/pull/9855.

### Workarounds There are no known workarounds.

### References n/a

### For more information If you have any questions or comments about this advisory, email us at security@matrix.org.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / matrix-synapse

Introduced in: 0 Fixed in: 1.33.0

Fix pip install --upgrade 'matrix-synapse>=1.33.0'

References

https://github.com/matrix-org/synapse/security/advisories/GHSA-7h5v-85w9-pq6c [WEB]
https://github.com/matrix-org/synapse/pull/9855 [WEB]