Vulnerability Description
The package org.eclipse.milo:sdk-server before 0.6.8 is vulnerable to Denial of Service (DoS). A client can bypass the server's limits on memory consumption by sending multiple CloseSession requests with the deleteSubscriptions parameter set to false. In OPC UA, closing a session with deleteSubscriptions=false keeps that session's subscriptions alive so that a later session can transfer them, so each such close leaves its subscriptions allocated on the server; repeating the open/subscribe/close cycle accumulates orphaned subscriptions and exhausts server memory.
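To make the bypass concrete, the following is an added toy model in Python, not Milo's code: it enforces the kind of per-session subscription limit a server typically has, shows how a client that fills that quota, closes the session with deleteSubscriptions=false and repeats leaves orphaned subscriptions allocated with no open session at all, and adds two illustrative bounds (a global cap on orphaned subscriptions and an expiry for orphans that are never transferred) that stop the growth. The limit values, class and function names, and the cap/expiry mechanism are assumptions for illustration, not the fix Milo shipped in 0.6.8.

```python
"""Toy model (added example, not Milo code) of OPC UA session/subscription
bookkeeping: why CloseSession(deleteSubscriptions=false) bypasses a per-session
subscription limit, and one way to bound the damage."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Hypothetical per-session limit; a real server makes this configurable.
MAX_SUBSCRIPTIONS_PER_SESSION = 10


class LimitExceeded(Exception):
    """Raised when a request would exceed a configured limit."""


@dataclass
class Subscription:
    sub_id: int
    session_id: Optional[int]          # None once the owning session is gone
    orphaned_at: Optional[int] = None  # logical clock tick when orphaned


class Server:
    def __init__(self, max_orphaned: Optional[int] = None,
                 orphan_lifetime: Optional[int] = None) -> None:
        self.max_orphaned = max_orphaned        # None = unbounded (vulnerable)
        self.orphan_lifetime = orphan_lifetime  # None = never expire (vulnerable)
        self.clock = 0                          # logical time, advanced by tick()
        self.sessions: Dict[int, Set[int]] = {}
        self.subscriptions: Dict[int, Subscription] = {}
        self._next_id = 1

    def _alloc(self) -> int:
        i = self._next_id
        self._next_id += 1
        return i

    def tick(self, n: int = 1) -> None:
        """Advance logical time and purge orphans that outlived their lifetime."""
        self.clock += n
        if self.orphan_lifetime is not None:
            for s in self.orphaned():
                if self.clock - s.orphaned_at >= self.orphan_lifetime:
                    del self.subscriptions[s.sub_id]

    def create_session(self) -> int:
        sid = self._alloc()
        self.sessions[sid] = set()
        return sid

    def create_subscription(self, session_id: int) -> int:
        owned = self.sessions[session_id]
        # The per-session check: counts only subscriptions still owned by a session.
        if len(owned) >= MAX_SUBSCRIPTIONS_PER_SESSION:
            raise LimitExceeded(f"session {session_id} already has {len(owned)}")
        sub_id = self._alloc()
        self.subscriptions[sub_id] = Subscription(sub_id, session_id)
        owned.add(sub_id)
        return sub_id

    def close_session(self, session_id: int, delete_subscriptions: bool) -> None:
        owned = self.sessions.pop(session_id)
        if delete_subscriptions:
            for sub_id in owned:
                del self.subscriptions[sub_id]
            return
        # deleteSubscriptions=false: keep them so a later session can transfer them.
        # Their memory is no longer attributed to any session, so the per-session
        # limit no longer applies to it.
        for sub_id in owned:
            sub = self.subscriptions[sub_id]
            sub.session_id = None
            sub.orphaned_at = self.clock
        self._enforce_orphan_cap()

    def orphaned(self) -> List[Subscription]:
        return [s for s in self.subscriptions.values() if s.session_id is None]

    def _enforce_orphan_cap(self) -> None:
        """Illustrative mitigation: a global cap on orphans, dropping the oldest first."""
        if self.max_orphaned is None:
            return
        orphans = sorted(self.orphaned(), key=lambda s: (s.orphaned_at, s.sub_id))
        for s in orphans[:max(len(orphans) - self.max_orphaned, 0)]:
            del self.subscriptions[s.sub_id]


def run_attack(server: Server, rounds: int,
               per_round: int = MAX_SUBSCRIPTIONS_PER_SESSION) -> int:
    """Open a session, fill its quota, close with deleteSubscriptions=false, repeat.
    Returns the number of subscriptions still allocated on the server."""
    for _ in range(rounds):
        sid = server.create_session()
        for _ in range(per_round):
            server.create_subscription(sid)
        server.close_session(sid, delete_subscriptions=False)
    return len(server.subscriptions)


if __name__ == "__main__":
    vulnerable = Server()
    print("unbounded server:", run_attack(vulnerable, 1000), "subscriptions,",
          len(vulnerable.sessions), "open sessions")
    capped = Server(max_orphaned=50, orphan_lifetime=5)
    print("capped server:   ", run_attack(capped, 1000), "subscriptions")
    capped.tick(5)
    print("after expiry:    ", len(capped.subscriptions), "subscriptions")
```

The per-session limit is satisfied by every individual request in the attack loop; only the aggregate across closed sessions is unbounded, which is why a guard must count or expire orphaned subscriptions rather than subscriptions per session.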
CVSS Score
5.9 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eclipse | Milo | < 0.6.8 |
Related Weaknesses (CWE)
References
- https://github.com/eclipse/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5 (Patch, Third Party Advisory)
- https://github.com/eclipse/milo/issues/1030 (Issue Tracking, Patch, Third Party Advisory)
- https://github.com/eclipse/milo/pull/1031 (Patch, Third Party Advisory)
- https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEMILO-2990191 (Third Party Advisory)
FAQ
What is CVE-2022-25897?
CVE-2022-25897 is a Denial of Service (DoS) vulnerability in org.eclipse.milo:sdk-server before 0.6.8, rated CVSS 5.9 (MEDIUM). A client can bypass the server's limits on memory consumption by repeatedly sending CloseSession requests with deleteSubscriptions set to false, so the subscriptions of each closed session stay allocated and accumulate on the server.
How severe is CVE-2022-25897?
CVE-2022-25897 has been rated MEDIUM with a CVSS base score of 5.9/10. The impact is on availability: the OPC UA server's memory is exhausted by orphaned subscriptions, which can take the server down for every connected client.
Is there a patch for CVE-2022-25897?
Yes. The issue is fixed in org.eclipse.milo:sdk-server 0.6.8 (Eclipse Milo issue #1030, pull request #1031, commit 4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5, all linked in the references above); upgrade to 0.6.8 or later. The affected product is Eclipse Milo.