Vulnerability Details CVE-2020-9369
Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/sympa-community/sympa/issues/886
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6TMVZ5LVYCCIHGEC7RQUMGUE7DJWUXN7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3FUYYLV6URRLAJVWXNJYK2CNOKKNHXC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO4WJYNNHWM7DUKCN4EWYYYPXZSOI7BQ/
- https://sympa-community.github.io/security/2020-001.html
- https://www.debian.org/security/2020/dsa-4818
- https://github.com/sympa-community/sympa/issues/886
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6TMVZ5LVYCCIHGEC7RQUMGUE7DJWUXN7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3FUYYLV6URRLAJVWXNJYK2CNOKKNHXC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO4WJYNNHWM7DUKCN4EWYYYPXZSOI7BQ/
- https://sympa-community.github.io/security/2020-001.html
- https://www.debian.org/security/2020/dsa-4818
Products affected by CVE-2020-9369
-
cpe:2.3:a:sympa:sympa:6.2.38
-
cpe:2.3:a:sympa:sympa:6.2.40
-
cpe:2.3:a:sympa:sympa:6.2.41
-
cpe:2.3:a:sympa:sympa:6.2.42
-
cpe:2.3:a:sympa:sympa:6.2.43
-
cpe:2.3:a:sympa:sympa:6.2.44
-
cpe:2.3:a:sympa:sympa:6.2.45
-
cpe:2.3:a:sympa:sympa:6.2.46
-
cpe:2.3:a:sympa:sympa:6.2.48
-
cpe:2.3:a:sympa:sympa:6.2.49
-
cpe:2.3:a:sympa:sympa:6.2.50
-
cpe:2.3:a:sympa:sympa:6.2.52
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:fedoraproject:fedora:30
-
cpe:2.3:o:fedoraproject:fedora:31
-
cpe:2.3:o:fedoraproject:fedora:32