exploitDog

CVE-2020-27274

Опубликовано: 26 янв. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).

Ссылки

https://us-cert.cisa.gov/ics/advisories/icsa-21-021-03
Third Party Advisory
US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-021-03
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:honeywell:opc_ua_tunneller:*:*:*:*:*:*:*:*

Версия до 6.3.0.8233 (исключая)

EPSS

Процентиль: 60%

0.00403

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-754

CWE-754

Связанные уязвимости

GHSA-p5jr-488h-j8p7

github

больше 3 лет назад

Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).

EPSS

Процентиль: 60%

0.00403

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-754

CWE-754