NVD:CVE-2023-26151
Oct 03, 2023 - 5:15 a.m.

CVE-2023-26151

2023-10-03 05:15:50
CWE-400
CWE-835
web.nvd.nist.gov
asyncua package
version 0.9.96
denial of service
dos attack
memory consumption

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.2
Confidence: High

EPSS: 0.001
Percentile: 46.0%

Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory.

Affected configurations

Nvd

Node: freeopcua opcua-asyncio, Range <0.9.96, python

Vendor: freeopcua
Product: opcua-asyncio
Version: *
CPE: cpe:2.3:a:freeopcua:opcua-asyncio:*:*:*:*:*:python:*:*
