Description
asyncua vulnerable to denial of service via infinite loop
Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS): an attacker can send a malformed packet that causes the server to enter an infinite loop and consume excessive memory.
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-26151
- https://github.com/FreeOpcUa/opcua-asyncio/issues/1013
- https://github.com/FreeOpcUa/opcua-asyncio/pull/1039
- https://github.com/FreeOpcUa/opcua-asyncio/commit/f6603daa34a93a658f0e176cb0b9ee5a6643b262
- https://gist.github.com/artfire52/1540b234350795e0ecb4d672608dbec8
- https://github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96
- https://github.com/pypa/advisory-database/tree/main/vulns/asyncua/PYSEC-2023-190.yaml
- https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673709
Packages
- asyncua: affected versions < 0.9.96; fixed in 0.9.96