Source: python-opcua X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security
Hi, The following vulnerability was published for python-opcua. CVE-2022-25304[0]: | All versions of package opcua; all versions of package asyncua are | vulnerable to Denial of Service (DoS) due to a missing limitation on | the number of received chunks - per single session or in total for all | concurrent sessions. An attacker can exploit this vulnerability by | sending an unlimited number of huge chunks (e.g. 2GB each) without | sending the Final closing chunk. https://github.com/FreeOpcUa/python-opcua/issues/1466 https://security.snyk.io/vuln/SNYK-PYTHON-OPCUA-2988730 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-25304 https://www.cve.org/CVERecord?id=CVE-2022-25304 Please adjust the affected versions in the BTS as needed.