CVE-2022-25897 – Denial of Service (DoS)
https://notcve.org/view.php?id=CVE-2022-25897
The package org.eclipse.milo:sdk-server before 0.6.8 is vulnerable to Denial of Service (DoS): the limitations on excessive memory consumption can be bypassed by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.

A flaw was found in the Eclipse Milo SDK Server. This flaw allows an attacker to consume the application memory by sending specific requests, leading to a denial of service.

• https://github.com/eclipse/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5
• https://github.com/eclipse/milo/issues/1030
• https://github.com/eclipse/milo/pull/1031
• https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEMILO-2990191
• https://access.redhat.com/security/cve/CVE-2022-25897
• https://bugzilla.redhat.com/show_bug.cgi?id=2136188

• CWE-770: Allocation of Resources Without Limits or Throttling