Vulnerabilites related to eclipse - milo
CVE-2022-25897 (GCVE-0-2022-25897)
Vulnerability from cvelistv5
Published
2022-09-08 05:05
Modified
2024-09-16 17:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service (DoS)
Summary
The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | org.eclipse.milo:sdk-server |
Version: unspecified < 0.6.8 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:44.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEMILO-2990191"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eclipse/milo/pull/1031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eclipse/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eclipse/milo/issues/1030"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "org.eclipse.milo:sdk-server",
"vendor": "n/a",
"versions": [
{
"lessThan": "0.6.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vera Mens"
},
{
"lang": "en",
"value": "Uri Katz"
},
{
"lang": "en",
"value": "Sharon Brizinov of Team82 (Claroty Research)"
}
],
"datePublic": "2022-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-08T05:05:12",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEMILO-2990191"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eclipse/milo/pull/1031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eclipse/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eclipse/milo/issues/1030"
}
],
"title": "Denial of Service (DoS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-09-08T05:00:11.747866Z",
"ID": "CVE-2022-25897",
"STATE": "PUBLIC",
"TITLE": "Denial of Service (DoS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "org.eclipse.milo:sdk-server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.6.8"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vera Mens"
},
{
"lang": "eng",
"value": "Uri Katz"
},
{
"lang": "eng",
"value": "Sharon Brizinov of Team82 (Claroty Research)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEMILO-2990191",
"refsource": "MISC",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEMILO-2990191"
},
{
"name": "https://github.com/eclipse/milo/pull/1031",
"refsource": "MISC",
"url": "https://github.com/eclipse/milo/pull/1031"
},
{
"name": "https://github.com/eclipse/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5",
"refsource": "MISC",
"url": "https://github.com/eclipse/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5"
},
{
"name": "https://github.com/eclipse/milo/issues/1030",
"refsource": "MISC",
"url": "https://github.com/eclipse/milo/issues/1030"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2022-25897",
"datePublished": "2022-09-08T05:05:12.190707Z",
"dateReserved": "2022-02-24T00:00:00",
"dateUpdated": "2024-09-16T17:49:20.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-09-08 05:15
Modified
2024-11-21 06:53
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| report@snyk.io | https://github.com/eclipse/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5 | Patch, Third Party Advisory | |
| report@snyk.io | https://github.com/eclipse/milo/issues/1030 | Issue Tracking, Patch, Third Party Advisory | |
| report@snyk.io | https://github.com/eclipse/milo/pull/1031 | Patch, Third Party Advisory | |
| report@snyk.io | https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEMILO-2990191 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse/milo/issues/1030 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse/milo/pull/1031 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEMILO-2990191 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:milo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21638D30-0B3C-4457-BEBC-022ACACE81A5",
"versionEndExcluding": "0.6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False."
},
{
"lang": "es",
"value": "El paquete org.eclipse.milo:sdk-server versiones anteriores a 0.6.8, es vulnerable a una Denegaci\u00f3n de Servicio (DoS) al omitir las limitaciones por consumo excesivo de memoria mediante el env\u00edo de varias peticiones CloseSession con el par\u00e1metro deleteSubscription igual a False"
}
],
"id": "CVE-2022-25897",
"lastModified": "2024-11-21T06:53:11.030",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "report@snyk.io",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-08T05:15:07.410",
"references": [
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/eclipse/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5"
},
{
"source": "report@snyk.io",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/eclipse/milo/issues/1030"
},
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/eclipse/milo/pull/1031"
},
{
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
],
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEMILO-2990191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/eclipse/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/eclipse/milo/issues/1030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/eclipse/milo/pull/1031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEMILO-2990191"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}