CVE-2018-10657: Improper Input Validation

May 2, 2018 (updated June 7, 2018)

Matrix Synapse is prone to a denial of service flaw where malicious events injected with depth = 2^63-1 render rooms unusable, related to federation/federation_base.py and handlers/message.py.

References

matrix.org/blog/2018/05/01/security-update-synapse-0-28-1/
nvd.nist.gov/vuln/detail/CVE-2018-10657

Code Behaviors & Features

Detect and mitigate CVE-2018-10657 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →