Candidate: CVE-2020-9369
PublicDate: 2020-02-24 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9369
 https://github.com/sympa-community/sympa/issues/886
 https://sympa-community.github.io/security/2020-001.html
Description:
 Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of
 service (disk consumption from temporary files, and a flood of
 notifications to listmasters) via a series of requests with malformed
 parameters.
Ubuntu-Description:
Notes:
 msalvatore> Affects 6.2.38 to 6.2.52 inclusive
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952428
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_sympa:
upstream_sympa: released (6.2.54, 6.2.40~dfsg-4)
precise/esm_sympa: DNE
trusty_sympa: ignored (out of standard support)
trusty/esm_sympa: DNE
xenial_sympa: not-affected (code not present)
bionic_sympa: not-affected (code not present)
eoan_sympa: ignored (reached end-of-life)
focal_sympa: not-affected (6.2.40~dfsg-4)
devel_sympa: not-affected (6.2.40~dfsg-4)