CVE-2021-29430

7.5 HIGH

📋 TL;DR

CVE-2021-29430 is a denial-of-service vulnerability in Sydent, a Matrix identity server: an attacker can send an oversized HTTP request to Sydent, or an untrusted homeserver can return an oversized HTTP response that Sydent reads in full, in either case exhausting server memory. This affects any Sydent server accepting registration requests from untrusted clients or communicating with untrusted Matrix homeservers.

💻 Affected Systems

Products:
  • Sydent (Matrix identity server)
Versions: All versions before v2.3.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects servers accepting registration from untrusted clients or communicating with untrusted homeservers.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service outage due to memory exhaustion, rendering the identity server unavailable for legitimate users.

🟠

Likely Case

Intermittent service degradation or temporary unavailability as memory resources are consumed.

🟢

If Mitigated

Minimal impact with proper request/response size limits implemented at the application or proxy layer.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending large HTTP payloads, which is trivial with standard tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.3.0

Vendor Advisory: https://github.com/matrix-org/sydent/security/advisories/GHSA-wmg4-8cp2-hpg9

Restart Required: Yes

Instructions:

1. Update Sydent to version 2.3.0 or later.
2. Apply commits 89071a1, 0523511, and f56eee3 if patching manually.
3. Restart the Sydent service.

🔧 Temporary Workarounds

Reverse Proxy Request Limiting (applies to: all)

Configure HTTP reverse proxy (e.g., nginx, Apache) to limit request body size.

nginx: client_max_body_size 10M;
Apache: LimitRequestBody 10485760

🧯 If You Can't Patch

  • Implement network-level controls to block unusually large HTTP requests.
  • Monitor memory usage and restart services if abnormal consumption is detected.
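As an added illustration (not Sydent's code and not the v2.3.0 patch) of the application-layer size limit this advisory recommends: a body reader that trusts whatever the peer sends, beside one that rejects a declared length over the cap and stops buffering as soon as the cap is exceeded, which also covers chunked bodies with no Content-Length. The cap value, the sample payloads and the helper names are constructed for this example.

```python
import io


class BodyTooLarge(Exception):
    """Raised when an HTTP body exceeds the configured cap."""


# Constructed cap for the example; Sydent's own limit is not quoted here.
MAX_BODY_BYTES = 1024


def read_body_unbounded(stream):
    """Vulnerable pattern: buffers everything the peer chooses to send."""
    return stream.read()


def read_body_bounded(stream, limit=MAX_BODY_BYTES, chunk_size=256):
    """Read at most `limit` bytes; abort once the cap is exceeded so memory
    use stays near `limit + chunk_size` no matter what the peer sends."""
    buf = bytearray()
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return bytes(buf)
        buf += chunk
        if len(buf) > limit:
            raise BodyTooLarge(f"body exceeds {limit} bytes")


def content_length_ok(headers, limit=MAX_BODY_BYTES):
    """Reject early when the declared Content-Length already exceeds the cap;
    a missing header is allowed because the bounded read still protects us."""
    raw = headers.get("content-length")
    if raw is None:
        return True
    try:
        declared = int(raw)
    except ValueError:
        return False  # malformed header: refuse rather than guess
    return 0 <= declared <= limit


def handle_body(headers, data):
    """Return the body bytes, or None when the request/response is rejected."""
    if not content_length_ok(headers):
        return None
    try:
        return read_body_bounded(io.BytesIO(data))
    except BodyTooLarge:
        return None


if __name__ == "__main__":
    # Constructed peers: a well-behaved one and one sending 10x the cap.
    print(handle_body({}, b'{"medium": "email"}'))
    print(handle_body({}, b"A" * (MAX_BODY_BYTES * 10)))
```

The same bounded reader applies on both sides: to request bodies from registration clients and to response bodies fetched from remote homeservers.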

🔍 How to Verify

Check if Vulnerable:

Check Sydent version; if below 2.3.0, it is vulnerable.

Check Version:

Check Sydent logs or configuration for version information.

Verify Fix Applied:

Confirm version is 2.3.0 or later and test with oversized requests to ensure they are rejected.

📡 Detection & Monitoring

Log Indicators:

  • Large HTTP request logs
  • Memory exhaustion errors in system logs

Network Indicators:

  • Unusually large HTTP requests to Sydent endpoints

SIEM Query:

source="sydent.log" AND (message="*large request*" OR message="*memory*" OR message="*denial*")
