7.5
CVE-2022-25897
- EPSS 1.02%
- Veröffentlicht 08.09.2022 05:15:07
- Zuletzt bearbeitet 21.11.2024 06:53:11
- Quelle report@snyk.io
- CVE-Watchlists
- Unerledigt
Denial of Service (DoS)
The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.02% | 0.592 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| report@snyk.io | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
https://github.com/eclipse/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5
https://github.com/eclipse/milo/issues/1030
https://github.com/eclipse/milo/pull/1031
https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEMILO-2990191