VYPR

PyPI package

asyncua

pkg:pypi/asyncua

Vulnerabilities (3)

  • CVE-2023-26150Oct 3, 2023
    affected < 0.9.96fixed 0.9.96

    Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. **Note:** This issue is a result of missing checks for services that require an active session.

  • CVE-2023-26151Oct 3, 2023
    affected < 0.9.96fixed 0.9.96

    Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory.

  • CVE-2022-25304Aug 23, 2022
    affected < 0.9.96fixed 0.9.96

    All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sendin