We found results for “”
CVE-2022-25897
Good to know:
Date: September 8, 2022
The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
Language: Java
Severity Score
Severity Score
Weakness Type (CWE)
Allocation of Resources Without Limits or Throttling
CWE-770Top Fix
Upgrade Version
Upgrade to version org.eclipse.milo:sdk-server:0.6.8;org.eclipse.milo:server-examples:0.6.8
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |