CVE-2023-26151 – asyncua
Package
Manager: pip
Name: asyncua
Vulnerable Version: >=0 <0.9.96
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00148 (percentile: 0.35896)
Details
asyncua vulnerable to denial of service via infinite loop
Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS): an attacker can send a malformed packet that causes the server to enter an infinite loop and consume excessive memory.
Metadata
Created: 2023-10-03T06:30:26Z
Modified: 2023-10-04T19:34:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-gfvq-mxw3-mfq3/GHSA-gfvq-mxw3-mfq3.json
CWE IDs: CWE-835
Alternative ID: GHSA-gfvq-mxw3-mfq3
Finding: F138
Auto approve: 1