Lucene search

K

Ubuntu.comUB:CVE-2023-26151

HistoryOct 03, 2023 - 12:00 a.m.

CVE-2023-26151

2023-10-0300:00:00

ubuntu.com

ubuntu.com

37

cve-2023-26151

asyncua package

denial of service

dos attack

infinite loop

excessive memory

unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

46.0%

Versions of the package asyncua before 0.9.96 are vulnerable to Denial of
Service (DoS) such that an attacker can send a malformed packet and as a
result, the server will enter into an infinite loop and consume excessive
memory.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchpython-opcua< anyUNKNOWN
ubuntu20.04noarchpython-opcua< anyUNKNOWN
ubuntu22.04noarchpython-opcua< anyUNKNOWN

References

gist.github.com/artfire52/1540b234350795e0ecb4d672608dbec8

github.com/FreeOpcUa/opcua-asyncio/commit/f6603daa34a93a658f0e176cb0b9ee5a6643b262

github.com/FreeOpcUa/opcua-asyncio/issues/1013

github.com/FreeOpcUa/opcua-asyncio/pull/1039

github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96

launchpad.net/bugs/cve/CVE-2023-26151

nvd.nist.gov/vuln/detail/CVE-2023-26151

security-tracker.debian.org/tracker/CVE-2023-26151

security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673709

www.cve.org/CVERecord?id=CVE-2023-26151

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

46.0%

Related for UB:CVE-2023-26151

prion1 osv3 veracode1 cve1 cvelist1 github1 nvd1