Nanobot Denial-of-Service Vulnerability in Matrix Media Download Handler

Vulnerability

A denial-of-service vulnerability has been identified in Nanobot versions prior to 0.2.1. The issue resides in the Matrix channel media download handler: authenticated room members can exploit missing or invalid size metadata in media events to make the process consume excessive memory and bandwidth. By sending multiple concurrent media events with omitted or incorrect size declarations, an attacker causes simultaneous large media downloads. Each download runs to completion before it is rejected, so process resources are exhausted and the service degrades.

Impact

Exploitation of this vulnerability exhausts process memory and bandwidth, causing service degradation.

Reproduction

To reproduce this vulnerability, send multiple concurrent Matrix media events as an authenticated room member. Omit or provide invalid size metadata in the events. This will trigger simultaneous downloads of large media files, consuming process resources and leading to service degradation.

Remediation

Users can update to Nanobot version 0.2.1 or later, where this vulnerability has been fixed.
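
A defensive pattern for the failure mode described above, as an added example (this is not Nanobot's code or its 0.2.1 fix): the declared size is treated only as a hint, the byte cap is enforced while streaming, and parallel transfers are bounded. The cap, the concurrency limit, the function names and the simulated body are assumptions made for illustration; `size` stands for the size field of a Matrix media event's `info` object.

```python
import asyncio

MAX_BYTES = 1024 * 1024   # assumed per-attachment cap (1 MiB)
MAX_CONCURRENT = 2        # assumed limit on parallel downloads
CHUNK = 64 * 1024

class MediaTooLarge(Exception):
    pass

async def fake_body(total, stats):
    """Constructed stand-in for a streamed HTTP body of `total` bytes."""
    sent = 0
    while sent < total:
        n = min(CHUNK, total - sent)
        sent += n
        stats["pulled"] += n          # bytes actually taken off the "network"
        await asyncio.sleep(0)
        yield b"\0" * n

def declared_size(info):
    """Return info['size'] only if it is a non-negative int, else None."""
    size = info.get("size") if isinstance(info, dict) else None
    if isinstance(size, bool) or not isinstance(size, int) or size < 0:
        return None
    return size

async def bounded_download(info, body, sem, max_bytes=MAX_BYTES):
    size = declared_size(info)
    if size is not None and size > max_bytes:
        raise MediaTooLarge("declared size over cap")  # rejected before any transfer
    async with sem:                                    # bound simultaneous transfers
        buf = bytearray()
        async for chunk in body:
            if len(buf) + len(chunk) > max_bytes:      # size was missing or understated
                await body.aclose()                    # stop pulling data
                raise MediaTooLarge("body exceeded cap")
            buf += chunk
        return bytes(buf)

def run_demo():
    """Four constructed events with bad size metadata, each backed by an 8 MiB body."""
    async def main():
        stats = {"pulled": 0}
        sem = asyncio.Semaphore(MAX_CONCURRENT)
        infos = [{}, {"size": 10}, {"size": "big"}, {"size": -1}]
        jobs = [bounded_download(i, fake_body(8 * MAX_BYTES, stats), sem) for i in infos]
        return await asyncio.gather(*jobs, return_exceptions=True), stats["pulled"]
    return asyncio.run(main())
```

`run_demo()` returns the four results and the total bytes pulled: every transfer stops one chunk past the cap instead of reading the full 8 MiB body.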

Added: Jun 1, 2026, 9:19 PM
Updated: Jun 1, 2026, 9:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.3
remediation: 0.0
relevance: 9.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.