How severe is CVE-2024-52791?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-52791?

This is classified as CWE-789, which is a common weakness in software security.

CVE-2024-52791 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and exhaust available memory. This is fixed in MMR v1.3.8. Users are advised to upgrade. For users unable to upgrade; forward proxies can be configured to block requests to unsafe hosts. Alternatively, MMR processes can be configured with memory limits and auto-restart. Running multiple MMR processes concurrently can help ensure a restart does not overly impact users.

Related Vulnerabilities

CVE-2023-0809

MEDIUM

CVSS:5.3(Medium)

In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.

CWE-7892023

CVE-2024-37071

MEDIUM

CVSS:5.3(Medium)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper mem...

CWE-7892024

CVE-2024-37168

MEDIUM

CVSS:5.3(Medium)

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can b...

CWE-7892024

CVE-2024-41761

MEDIUM

CVSS:5.3(Medium)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted qu...

CWE-7892024

CVE-2025-2518

MEDIUM

CVSS:5.3(Medium)

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions ...

CWE-7892025

CVE-2021-1283

MEDIUM

CVSS:5.5(Medium)

A vulnerability in the logging subsystem of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to view sensitive information in a system log file that should be rest...

CWE-7892021