Описание
Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory.
Ссылки
- ExploitThird Party Advisory
- Patch
- ExploitIssue TrackingThird Party Advisory
- Patch
- ProductRelease Notes
- ExploitPatchThird Party Advisory
- ExploitThird Party Advisory
- Patch
- ExploitIssue TrackingThird Party Advisory
- Patch
- ProductRelease Notes
- ExploitPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.9.96 (исключая)
cpe:2.3:a:freeopcua:opcua-asyncio:*:*:*:*:*:python:*:*
EPSS
Процентиль: 36%
0.00148
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-400
CWE-835
Связанные уязвимости
CVSS3: 5.3
ubuntu
больше 2 лет назад
Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory.
CVSS3: 7.5
github
больше 2 лет назад
asyncua vulnerable to denial of service via infinite loop
EPSS
Процентиль: 36%
0.00148
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-400
CWE-835