First published: Thu Sep 08 2022
The package org.eclipse.milo:sdk-server before 0.6.8 is vulnerable to Denial of Service (DoS): the limitations on excessive memory consumption can be bypassed by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
Credit: report@snyk.io
Affected Software | Affected Version | How to fix |
---|---|---|
Eclipse Milo | <0.6.8 |
CVE-2022-25897 is a vulnerability in the Eclipse Milo SDK Server that allows an attacker to cause a Denial of Service by sending multiple CloseSession requests.
CVE-2022-25897 has a severity rating of 7.5 (high).
The affected software is the org.eclipse.milo:sdk-server package before version 0.6.8.
To fix CVE-2022-25897, update the affected org.eclipse.milo:sdk-server package to version 0.6.8 or higher.
The CWE for CVE-2022-25897 is CWE-770 (Allocation of Resources Without Limits or Throttling).
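
An added example, not from the advisory or the Eclipse Milo project: a Python check that scans `mvn dependency:list` output, including transitive dependencies, for org.eclipse.milo:sdk-server versions in the affected range (before 0.6.8). The sample output is constructed, and treating a 0.6.8 pre-release such as 0.6.8-SNAPSHOT as affected is an assumption.

```python
import re

# Coordinates and first fixed release as stated in the advisory.
GROUP, ARTIFACT = "org.eclipse.milo", "sdk-server"
FIXED = (0, 6, 8)

def is_affected(version):
    """True if version is before 0.6.8; unparseable versions are flagged too."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)$", version)
    if not m:
        return True  # cannot prove it is fixed, so surface it for review
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))
    # Assumption: a pre-release of 0.6.8 (e.g. 0.6.8-SNAPSHOT) predates the fix.
    return nums < FIXED or (nums == FIXED and m.group(2).startswith("-"))

def find_affected(dependency_list_output):
    """Return affected sdk-server versions found in `mvn dependency:list` output."""
    hits = []
    for line in dependency_list_output.splitlines():
        tokens = line.replace("[INFO]", "").split()
        if not tokens:
            continue
        # group:artifact:type:version:scope, optionally with a classifier
        # between type and version; newer Maven may append " -- module ...".
        coords = tokens[0].split(":")
        if len(coords) not in (5, 6) or coords[:2] != [GROUP, ARTIFACT]:
            continue
        if is_affected(coords[-2]):
            hits.append(coords[-2])
    return hits

# Constructed sample output, not taken from a real build.
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    org.eclipse.milo:sdk-server:jar:0.6.7:compile
[INFO]    org.eclipse.milo:sdk-client:jar:0.6.7:compile
[INFO]    org.eclipse.milo:stack-core:jar:0.6.7:compile
"""

if __name__ == "__main__":
    for version in find_affected(SAMPLE):
        print(f"{GROUP}:{ARTIFACT} {version} is affected; update to 0.6.8 or higher")
```
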