CVE-2022-31052

{"id": "CVE-2022-31052", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-06-28T17:15:08.217", "references": [{"url": "https://github.com/matrix-org/synapse/commit/fa1308061802ac7b7d20e954ba7372c5ac292333", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-22p3-qrh9-cx32", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF/", "source": "security-advisories@github.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD/", "source": "security-advisories@github.com"}, {"url": "https://spec.matrix.org/v1.2/client-server-api/#get_matrixmediav3preview_url", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/matrix-org/synapse/commit/fa1308061802ac7b7d20e954ba7372c5ac292333", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-22p3-qrh9-cx32", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://spec.matrix.org/v1.2/client-server-api/#get_matrixmediav3preview_url", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-674"}]}], "descriptions": [{"lang": "en", "value": "Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the request causing the problem, but in other cases the Synapse process may crash altogether. It is possible to exploit this maliciously, either by malicious users on the homeserver, or by remote users sending URLs that a local user's client may automatically request a URL preview for. Remote users are not able to exploit this directly, because the URL preview endpoint is authenticated. Deployments with `url_preview_enabled: false` set in configuration are not affected. Deployments with `url_preview_enabled: true` set in configuration **are** affected. Deployments with no configuration value set for `url_preview_enabled` are not affected, because the default is `false`. Administrators of homeservers with URL previews enabled are advised to upgrade to v1.61.1 or higher. Users unable to upgrade should set `url_preview_enabled` to false."}, {"lang": "es", "value": "Synapse es una implementaci\u00f3n de servidor dom\u00e9stico de c\u00f3digo abierto para la red de chat Matrix. En versiones anteriores a 1.61.1, las previsualizaciones de URL de algunas p\u00e1ginas web pueden agotar el espacio de pila disponible para el proceso de Synapse debido a una recursi\u00f3n sin l\u00edmites. Esto a veces es recuperable y conlleva a un error para la petici\u00f3n que causa el problema, pero en otros casos el proceso de Synapse puede bloquearse por completo. Es posible explotar esto de forma maliciosa, ya sea por usuarios maliciosos en el servidor dom\u00e9stico, o por usuarios remotos que env\u00edan URLs para las que el cliente de un usuario local puede solicitar autom\u00e1ticamente una visualizaci\u00f3n previa de la URL. Los usuarios remotos no son capaces de explotar esto directamente, porque el endpoint de la visualizaci\u00f3n previa de la URL est\u00e1 autenticado. Los despliegues con \"url_preview_enabled: false\" establecidos en la configuraci\u00f3n no est\u00e1n afectados. Los despliegues con \"url_preview_enabled: true\" establecido en la configuraci\u00f3n **est\u00e1n** afectados. Los despliegues sin valor de configuraci\u00f3n para \"url_preview_enabled\" no est\u00e1n afectados, porque el valor por defecto es \"false\". Es recomendado a administradores de servidores dom\u00e9sticos con visualizaciones previas de URL habilitadas que actualicen a versi\u00f3n v1.61.1 o superior. Los usuarios que no puedan actualizarse deben establecer \"url_preview_enabled\" en false"}], "lastModified": "2024-11-21T07:03:47.603", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:matrix:synapse:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52787569-D73B-46A3-99E8-EEB0D5971C69", "versionEndExcluding": "1.61.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}