Synapse
CVE-2022-41952
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
1DescriptionNVD
Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after max_spider_size (default: 10M) bytes have been downloaded, which can in some cases lead to long-lived connections towards the streaming media server (for instance, Icecast). This can cause excessive traffic and connections toward such servers if their stream URL is, for example, posted to a large room with many Synapse instances with URL preview enabled. Version 1.52.0 implements a timeout mechanism which will terminate URL preview connections after 30 seconds. Since generating URL previews for media streams is not supported and always fails, 1.53.0 additionally implements an allow list for content types for which Synapse will even attempt to generate a URL preview. Upgrade to 1.53.0 to fully resolve the issue. As a workaround, turn off URL preview functionality by setting url_preview_enabled: false in the Synapse configuration file.
AnalysisAI
Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
Technical ContextAI
This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after max_spider_size (default: 10M) bytes have been downloaded, which can in some cases lead to long-lived connections towards the streaming media server (for instance, Icecast). This can cause excessive traffic and connections toward such servers if their stream URL is, for example, posted to a large room with many Synapse instances with URL preview enabled. Version 1.52.0 implements a timeout mechanism which will terminate URL preview connections after 30 seconds. Since generating URL previews for media streams is not supported and always fails, 1.53.0 additionally implements an allow list for content types for which Synapse will even attempt to generate a URL preview. Upgrade to 1.53.0 to fully resolve the issue. As a workaround, turn off URL preview functionality by setting url_preview_enabled: false in the Synapse configuration file. Affected products include: Matrix Synapse. Version information: before 1.52.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpe
In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). Rated critical seve
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Rated critical severity (CVSS 9.8), t
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by le
Synapse is an open source Matrix homeserver implementation. Rated high severity (CVSS 7.1), this vulnerability is remote
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users t
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Rated medium severity (
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated high severity (CVSS 8.2)
rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and conseque
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today