Safety vulnerability ID: 61571
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Asyncua 0.9.96 includes a fix for CVE-2023-26151: Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory.
https://github.com/FreeOpcUa/opcua-asyncio/commit/f6603daa34a93a658f0e176cb0b9ee5a6643b262
Latest version: 1.1.5
Pure Python OPC-UA client and server library
Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory. See CVE-2023-26151.
MISC:https://gist.github.com/artfire52/1540b234350795e0ecb4d672608dbec8: https://gist.github.com/artfire52/1540b234350795e0ecb4d672608dbec8
MISC:https://github.com/FreeOpcUa/opcua-asyncio/commit/f6603daa34a93a658f0e176cb0b9ee5a6643b262: https://github.com/FreeOpcUa/opcua-asyncio/commit/f6603daa34a93a658f0e176cb0b9ee5a6643b262
MISC:https://github.com/FreeOpcUa/opcua-asyncio/issues/1013: https://github.com/FreeOpcUa/opcua-asyncio/issues/1013
MISC:https://github.com/FreeOpcUa/opcua-asyncio/pull/1039: https://github.com/FreeOpcUa/opcua-asyncio/pull/1039
MISC:https://github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96: https://github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96
MISC:https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673709: https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673709
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application