CVE Vulnerability

CVE-2022-25897

The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/eclipse/milo/issues/1030 Issue Tracking Patch
https://github.com/eclipse/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5 Patch Third Party Advisory
https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEMILO-2990191 Third Party Advisory
https://github.com/eclipse/milo/pull/1031 Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:eclipse:milo:*:*:*:*:*:*:*:*
Information

Published : 2022-09-08 05:15

Updated : 2022-09-13 08:17

NVD link : CVE-2022-25897

Mitre link : CVE-2022-25897

Products Affected
No products.
CWE
CWE-770