CVE-2023-45129: 
Python vulnerability analysis and mitigation

Synapse, an open-source Matrix homeserver written and maintained by the Matrix.org Foundation, was found to contain a vulnerability (CVE-2023-45129) prior to version 1.94.0. The vulnerability allows a malicious server ACL event to impact performance temporarily or permanently, leading to a persistent denial of service. This issue specifically affects homeservers with open federation, while those running on closed federation are not impacted (Matrix Advisory).

The vulnerability is classified with a CVSS v3.1 Base Score of 4.9 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. It is categorized under CWE-770 (Allocation of Resources Without Limits or Throttling). The issue stems from insufficient handling of server ACL events that could affect system performance (NVD).

The vulnerability can result in a persistent denial of service condition through malicious server ACL events. The impact primarily affects system performance and availability, with no direct effect on confidentiality or integrity of the system (Matrix Advisory).

Server administrators are advised to upgrade to Synapse 1.94.0 or later to address this vulnerability. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API. Additionally, homeservers running on closed federation (which presumably do not need to use server ACLs) are not affected by this vulnerability (Matrix Advisory).