Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 and prior, sissing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. A patch for the vulnerability is in version 2.3.0. No workarounds are known to exist.
References
Link | Resource |
---|---|
https://github.com/matrix-org/sydent/commit/3175fd358ebc2c310eab7a3dbf296ce2bd54c1da | Patch Third Party Advisory |
https://github.com/matrix-org/sydent/security/advisories/GHSA-pw4v-gr34-2553 | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-04-15T17:55:11
Updated: 2021-06-07T11:38:51
Reserved: 2021-03-30T00:00:00
Link: CVE-2021-29433
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-04-15T18:15:12.497
Modified: 2022-08-02T16:01:36.987
Link: CVE-2021-29433
JSON object: View
Redhat Information
No data.