CVE-2020-26257: Denial of service attack via incorrect parameters in Matrix Synapse
CVSS Score: 6.5 (CVSS 3.1)
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.62852%
CWE
Published: 12/9/2020
Updated: 9/24/2024
KEV Status: No
Technology: Python
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
matrix-synapse | pip | < 1.23.1 | 1.23.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stemmed from endpoints (/send_join, /send_leave, /invite, /exchange_third_party_invite) trusting room_id from URL path parameters instead of validating against the request body. The fix in PR #8776 shows these functions were modified to use 'room_id' from content via assert_params_in_dict checks. The original implementations' failure to verify path/body consistency allowed attackers to specify conflicting room IDs, leading to state corruption and DoS.
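The path/body mismatch described above, as an added sketch that is not Synapse's code or the PR #8776 change: one handler files an event under the room named in the URL, the other requires room_id in the body and uses it. All names (RequestError, require_keys, both handlers, the room IDs) are hypothetical; require_keys stands in for a required-parameter check such as assert_params_in_dict, and rejecting a mismatch outright is an assumption of this example.

```python
# Added illustration, not Synapse code. All names here are hypothetical.

class RequestError(Exception):
    """Rejected request, carrying an HTTP-style status code."""
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status


def require_keys(content, keys):
    # Stand-in for a required-parameter check on the JSON body.
    if not isinstance(content, dict):
        raise RequestError(400, "body must be a JSON object")
    missing = [k for k in keys if k not in content]
    if missing:
        raise RequestError(400, "missing parameters: " + ", ".join(missing))


def send_join_path_trusting(room_state, path_room_id, content):
    # 'Before' pattern: the event is filed under the room named in the URL,
    # whatever room the event body itself claims to belong to.
    room_state.setdefault(path_room_id, []).append(content)
    return path_room_id


def send_join_body_checked(room_state, path_room_id, content):
    # 'After' pattern: the body must carry room_id, and that value is used.
    require_keys(content, ["room_id"])
    body_room_id = content["room_id"]
    # Extra defensive check (an assumption of this example): reject a
    # path/body mismatch outright instead of silently preferring one side.
    if body_room_id != path_room_id:
        raise RequestError(400, "room_id in path does not match event body")
    room_state.setdefault(body_room_id, []).append(content)
    return body_room_id


def demo():
    # Constructed sample request: path and body name different rooms.
    event = {"type": "m.room.member", "room_id": "!b:example.org"}
    before, after = {}, {}
    filed_under = send_join_path_trusting(before, "!a:example.org", event)
    try:
        send_join_body_checked(after, "!a:example.org", event)
        status = 200
    except RequestError as exc:
        status = exc.status
    return filed_under, before, status, after
```

In the first handler the stored state for one room ends up holding an event that claims another room; the second handler returns a 400 and leaves state untouched.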