CVE-2019-11340 — Improper Input Validation in Sydent

CWE-20 — Improper Input Validation11 documents8 sources

Severity

7.5HIGHNVD

NVD5.9CNA5.9OSV5.9

EPSS

0.7%

top 28.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Matrix Sydent Oracle Communications Operations Monitor Python +8 more

Timeline

PublishedApr 19

Latest updateMay 24

Description

util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on [email protected]@good.example.com returns the [email protected] substring.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages8 packages

▶NVDmatrix/sydent< 1.0.2

▶NVDpython/python3.0.0 — 3.0.1+8

▶NVDoracle/communications_operations_monitor4.1 — 4.3+1

▶NVDopensuse/leap15.0, 15.1+1

▶NVDoracle/solaris11

Also affects: Debian Linux 8.0, 9.0, Fedora 29, 30, 31, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 19.04

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Matrix Sydent mishandles emails↗2022-05-24

▶

GHSA

GHSA-8mcc-mjj5-h77m: An issue was discovered in Python through 2↗2022-05-24

▶

OSV

Matrix Sydent mishandles emails↗2022-05-24

▶

OSV

CVE-2019-16056: An issue was discovered in Python through 2↗2019-09-06

▶

CVEList

CVE-2019-16056: An issue was discovered in Python through 2↗2019-09-06

▶

📋Vendor Advisories

Debian

CVE-2019-16056: python2.7 - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x throu...↗2019

▶

Red Hat

python: email.utils.parseaddr wrongly parses email addresses↗2018-07-19

▶

💬Community

Bugzilla

CVE-2019-8980 kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service↗2019-02-22

▶