CVE-2024-36403

Summary

CVE-2024-36403 affects Matrix Media Repo (MMR) versions prior to 1.3.5. This vulnerability allows unauthenticated adversaries to induce MMR to download and cache large amounts of remote media files, resulting in unbounded disk consumption. Instances using file-backed stores or self-hosted S3 storage systems are particularly vulnerable to this disk fill attack. Once the disk is full, authenticated users will experience a denial of service, while cloud-based S3 storage users may face high service fees. MMR 1.3.5 introduces a new "leaky bucket" rate limit to reduce the amount of data a user can request at a time, but this only partially addresses the issue. Operators unable to update should consider lowering maximum file sizes and implementing harsh rate limits, but these measures may still result in significant data downloads. To avoid the issue, the reverse proxy should populate the X-Forwarded-For header when sending requests to MMR.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.