CVE-2024-52805 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-52805 Interim 1 5 2025-09-22T08:20:57Z current 2024-12-04T00:12:23Z 2025-09-22T08:20:57Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-52805 Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed matrix-synapse-1.120.2-1.1 matrix-synapse-1.120.2-1.1 as a component of openSUSE Tumbleweed Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type. CVE-2024-52805 openSUSE Tumbleweed:matrix-synapse-1.120.2-1.1 critical 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H