PyPI package
asyncua
pkg:pypi/asyncua
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-26150 | — | < 0.9.96 | 0.9.96 | Oct 3, 2023 | Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. **Note:** This issue is a result of missing checks for services that require an active session. | ||
| CVE-2023-26151 | — | < 0.9.96 | 0.9.96 | Oct 3, 2023 | Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory. | ||
| CVE-2022-25304 | — | < 0.9.96 | 0.9.96 | Aug 23, 2022 | All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sendin |
- CVE-2023-26150Oct 3, 2023affected < 0.9.96fixed 0.9.96
Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. **Note:** This issue is a result of missing checks for services that require an active session.
- CVE-2023-26151Oct 3, 2023affected < 0.9.96fixed 0.9.96
Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory.
- CVE-2022-25304Aug 23, 2022affected < 0.9.96fixed 0.9.96
All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sendin