CVE-2020-9369 — Uncontrolled Resource Consumption in Sympa

CWE-400 — Uncontrolled Resource Consumption7 documents5 sources

Severity

7.5HIGHNVD

EPSS

2.1%

top 15.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sympa Debian Sympa Debian Linux +1 more

Timeline

PublishedFeb 24

Latest updateMay 24

Description

Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/sympa< sympa 6.2.40~dfsg-4 (bookworm)

▶Debiansympa/sympa< 6.2.40~dfsg-4+3

▶NVDsympa/sympa6.2.38 — 6.2.52

Also affects: Debian Linux 10.0, Fedora 30, 31, 32

Patches

Patch: sympa-community.github.io ↗Patch: sympa-community.github.io ↗

🔴Vulnerability Details

GHSA

GHSA-9cxv-8fwp-3hgq: Sympa 6↗2022-05-24

▶

OSV

CVE-2020-9369: Sympa 6↗2020-02-24

▶

📋Vendor Advisories

Debian

CVE-2020-9369: sympa - Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service...↗2020

▶

💬Community

Bugzilla

CVE-2020-9369 sympa: malformed requests lead to cause denial of service [fedora-all]↗2020-05-04

▶

Bugzilla

CVE-2020-9369 sympa: malformed requests lead to cause denial of service↗2020-05-04

▶

Bugzilla

CVE-2020-9369 sympa: malformed requests lead to cause denial of service [epel-all]↗2020-05-04

▶