Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of service through memory exhaustion in Matrix Media Repo
Vulnerability Description
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and exhaust available memory. This is fixed in MMR v1.3.8. Users are advised to upgrade. For users unable to upgrade; forward proxies can be configured to block requests to unsafe hosts. Alternatively, MMR processes can be configured with memory limits and auto-restart. Running multiple MMR processes concurrently can help ensure a restart does not overly impact users.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
未经控制的内存分配
Vulnerability Title
matrix-media-repo 安全漏洞
Vulnerability Description
matrix-media-repo是t2bot.io开源的一个 Matrix 的高度可配置多域媒体存储库。 matrix-media-repo v1.3.8之前版本存在安全漏洞,该漏洞源于在正常运行过程中向其他服务器发出请求,这些资源所有者可以将大量JSON返回给MMR进行解析,在解析过程中会消耗大量内存并耗尽可用内存。
CVSS Information
N/A
Vulnerability Type
N/A