CVE-2023-26151: DoS asyncua Server

Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory.


Disclaimer: It is important to note that a previous vulnerability related to DoS attacks on asyncua servers exists. However, the vulnerability described here is entirely different in nature. The previous vulnerability relied on resource exhaustion by sending an unlimited number of large chunks.

This crafted message is sufficient to cause the server to enter an infinite loop, gradually consuming more and more resources. Notably, in comparison to CVE-2022-25304, the vulnerability discussed in this gist requires less effort to exploi

# How was the vulnerability discovered?

During my experiments for my Ph.D., I identified this vulnerability and promptly alerted the maintainers by creating an issue on Git, at their request.

# Reproduce:

To reproduce this vulnerability:

0/ Send a message with a size field set to 0.

I used an open secure channel request but others are working.

All of this is described in the issue:

The first comment made a mistake by thinking that this vulnerability is CVE-2022-25304. But if you read the complete issue, you will see that it is not.

https://github.com/FreeOpcUa/opcua-asyncio/issues/1013
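
The condition described above, seen from the defender's side. This is an added example, not code from the gist or from asyncua: a hypothetical frame splitter (`split_frames`, `FrameError`, `is_rejected` and the `MAX_MESSAGE_SIZE` limit are assumptions) that reads the 8-byte OPC UA TCP header and rejects a declared size smaller than the header itself, because a reader that advances by the declared size makes no progress when that size is 0.

```python
import struct

# OPC UA TCP message header: 3-byte message type, 1-byte chunk type,
# little-endian uint32 message size. The size counts the header itself.
HEADER = struct.Struct("<3scI")
MAX_MESSAGE_SIZE = 65536  # assumed limit for this example


class FrameError(ValueError):
    """Raised when a header declares a size that can never be valid."""


def split_frames(buf: bytes):
    """Split buffered bytes into (type, chunk, body) frames.

    Returns (frames, remaining); remaining holds a not yet complete frame.
    """
    frames, offset = [], 0
    while len(buf) - offset >= HEADER.size:
        msg_type, chunk, size = HEADER.unpack_from(buf, offset)
        # Without this check, a declared size of 0 would leave offset unchanged
        # in this sketch: the loop would re-read the same header forever and
        # keep appending empty frames.
        if size < HEADER.size or size > MAX_MESSAGE_SIZE:
            raise FrameError(f"invalid message size {size} in {msg_type!r} frame")
        if len(buf) - offset < size:
            break  # frame not fully received yet
        frames.append((msg_type, chunk, buf[offset + HEADER.size:offset + size]))
        offset += size
    return frames, buf[offset:]


def is_rejected(buf: bytes) -> bool:
    """True when the buffer contains a header with an impossible size."""
    try:
        split_frames(buf)
    except FrameError:
        return True
    return False


# Constructed sample input (not captured traffic).
VALID = HEADER.pack(b"HEL", b"F", 12) + b"\x00" * 4
ZERO_SIZE = HEADER.pack(b"OPN", b"F", 0)

if __name__ == "__main__":
    print(split_frames(VALID + VALID[:5]))
    print(is_rejected(VALID + ZERO_SIZE))
```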

Related news

GHSA-gfvq-mxw3-mfq3: asyncua vulnerable to denial of service via infinite loop

Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory.

GHSA-mfpj-3qhm-976m: Uncontrolled Resource Consumption in asyncua and opcua

All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.

CVE-2022-25304: Snyk Vulnerability Database | Snyk