Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-25761

Опубликовано: 23 авг. 2022
Источник: nvd
CVSS3: 7.5
EPSS Низкий

Описание

The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:open62541:open62541:*:*:*:*:*:*:*:*
Версия до 1.2.5 (исключая)
cpe:2.3:a:open62541:open62541:1.3:rc1:*:*:*:*:*:*
cpe:2.3:a:open62541:open62541:1.3:rc2:*:*:*:*:*:*
cpe:2.3:a:open62541:open62541:1.3:rc2-ef:*:*:*:*:*:*
cpe:2.3:a:open62541:open62541:1.3:rc2-ef2:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

EPSS

Процентиль: 70%
0.00636
Низкий

7.5 High

CVSS3

Дефекты

CWE-770

Связанные уязвимости

debian логотип

CVE-2022-25761

CVSS3: 7.5
debian
больше 3 лет назад

The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before ...

github логотип

GHSA-p69w-fx96-62pg

CVSS3: 7.5
github
больше 3 лет назад

The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.

EPSS

Процентиль: 70%
0.00636
Низкий

7.5 High

CVSS3

Дефекты

CWE-770