CVE-2024-52791— Denial of service through memory exhaustion in Matrix Media Repo
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-52791
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of service through memory exhaustion in Matrix Media Repo
Source: NVD (National Vulnerability Database)
Vulnerability Description
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and exhaust available memory. This is fixed in MMR v1.3.8. Users are advised to upgrade. For users unable to upgrade; forward proxies can be configured to block requests to unsafe hosts. Alternatively, MMR processes can be configured with memory limits and auto-restart. Running multiple MMR processes concurrently can help ensure a restart does not overly impact users.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
未经控制的内存分配
Source: NVD (National Vulnerability Database)
Vulnerability Title
matrix-media-repo 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
matrix-media-repo是t2bot.io开源的一个 Matrix 的高度可配置多域媒体存储库。 matrix-media-repo v1.3.8之前版本存在安全漏洞,该漏洞源于在正常运行过程中向其他服务器发出请求,这些资源所有者可以将大量JSON返回给MMR进行解析,在解析过程中会消耗大量内存并耗尽可用内存。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| t2bot | matrix-media-repo | < 1.3.8 | - |
II. Public POCs for CVE-2024-52791
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-52791
请登录查看更多情报信息。
- Release v1.3.8 · t2bot/matrix-media-repo · GitHubx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2024-52791
Same Patch Batch · t2bot · 2025-01-16 · 5 CVEs total
| CVE-2024-56515 | 6.8 MEDIUM | Untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders |
| CVE-2024-36403 | 5.3 MEDIUM | Denial of service/high operating costs through unauthenticated downloads in Matrix Media R |
| CVE-2024-36402 | 5.3 MEDIUM | Unauthenticated writes to the media repository allow planting of problematic content in Ma |
| CVE-2024-52602 | 5.0 MEDIUM | Server-Side Request Forgery (SSRF) on redirects and federation in Matrix Media Repo |
IV. Related Vulnerabilities
Same product: matrix-media-repo
- CVE-2024-36402
Unauthenticated writes to the media repository allow plantin - CVE-2024-36403
Denial of service/high operating costs through unauthenticat - CVE-2024-52602
Server-Side Request Forgery (SSRF) on redirects and federati - CVE-2024-56515
Untrusted file formats can be thumbnailed, invoking potentia - CVE-2023-41318
Unsafe media served inline on download endpoints in matrix-m
Same vendor: t2bot
Same weakness: CWE-789
- CVE-2021-47944
memono Notepad 4.2 Denial of Service via Buffer Overflow - CVE-2026-42241
ParquetSharp: Possible Stack Overflow When Reading a Parquet - CVE-2026-43868
Apache Thrift: Rust implementation vulnerable to CVE-2020-13 - CVE-2026-42146
CImg Library: Uncontrolled memory allocation via nb_colors f - CVE-2026-42440
Apache OpenNLP: OOM DoS via Unbounded Array Allocation in Ab
V. Comments for CVE-2024-52791
No comments yet