CVE-2022-25897

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-25897
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25897.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-25897
Aliases
Published
2022-09-08T05:15:07.410Z
Modified
2025-12-06T21:17:20.532130Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

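Versions of the package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to Denial of Service (DoS): the limits meant to prevent excessive memory consumption can be bypassed by sending multiple CloseSession requests with the deleteSubscription parameter set to False. The impact is on availability only (C:N/I:N/A:H in the CVSS vector above), and servers should run 0.6.8 or later.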

References

Affected packages

Git / github.com/eclipse-milo/milo

Affected ranges

Type
GIT
Repo
https://github.com/eclipse-milo/milo
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Fixed

Affected versions

v0.*

v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.3.0
v0.3.0-M1
v0.3.1
v0.3.2
v0.3.3
v0.3.3-RC1
v0.3.3-RC2
v0.3.3-RC3
v0.3.4
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.4.1
v0.4.2
v0.4.2-M1
v0.4.3
v0.5.0
v0.5.0-M1
v0.5.0-M2
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.6.0
v0.6.0-M1
v0.6.1
v0.6.1-M1
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.6.6
v0.6.7

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "source": "https://github.com/eclipse-milo/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5",
        "id": "CVE-2022-25897-1a87b2c8",
        "signature_type": "Line",
        "target": {
            "file": "opc-ua-sdk/sdk-server/src/main/java/org/eclipse/milo/opcua/sdk/server/subscriptions/SubscriptionManager.java"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "316287730400964261557962082074374358095",
                "137552324522859275043665239990437626448",
                "150260333529263555580665018783961122268",
                "26204844805845358369497647576222155895",
                "273820770867395307963403020089065031004",
                "86049893121022998673946459993246150824",
                "51286561176100883830935828642708966521",
                "241555137118607601265567585326339443191",
                "189961802389887196509088946805716153250",
                "128960582977196181042454184909788186105",
                "71801337020565581129261954462535482274",
                "257334968403955855558610988298261545911",
                "188431549743455919514258044804038269025",
                "62571052389366196662369515192204474385",
                "127600897460030441725823913109215287298",
                "191014711188956224050502662787760597470",
                "132864868868733536486003091356920496536",
                "261185142975048411657145631547818469594",
                "308556648681802125203726325005383977543",
                "269131085868164194559646688714997374555",
                "208834450487357826051206994875206805911",
                "229013231208185367037287391624956418879",
                "32693448091816757588826893293764634067",
                "114744439089923627646035896434902013003",
                "94966992350428612664933738851101349216",
                "70049091193833596941018948615803565156",
                "47747763913353849723058592014134611758",
                "26204844805845358369497647576222155895",
                "273820770867395307963403020089065031004",
                "86049893121022998673946459993246150824",
                "265455888899744646442397730692752239972",
                "12363726320800705278291739741761037259",
                "280282296801978871091908032417278552258",
                "3050124587150577859360361374101413415"
            ]
        },
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/eclipse-milo/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5",
        "id": "CVE-2022-25897-506f68fa",
        "signature_type": "Function",
        "target": {
            "file": "opc-ua-sdk/sdk-server/src/main/java/org/eclipse/milo/opcua/sdk/server/subscriptions/SubscriptionManager.java",
            "function": "createMonitoredItems"
        },
        "digest": {
            "function_hash": "2967043869275914237205563353798901726",
            "length": 1811.0
        },
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/eclipse-milo/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5",
        "id": "CVE-2022-25897-80091905",
        "signature_type": "Function",
        "target": {
            "file": "opc-ua-sdk/sdk-server/src/main/java/org/eclipse/milo/opcua/sdk/server/subscriptions/SubscriptionManager.java",
            "function": "deleteSubscription"
        },
        "digest": {
            "function_hash": "86376165737571805834901002708478013439",
            "length": 1244.0
        },
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/eclipse-milo/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5",
        "id": "CVE-2022-25897-850e5190",
        "signature_type": "Function",
        "target": {
            "file": "opc-ua-sdk/sdk-server/src/main/java/org/eclipse/milo/opcua/sdk/server/subscriptions/SubscriptionManager.java",
            "function": "createSubscription"
        },
        "digest": {
            "function_hash": "210723839872175475543656040340586869959",
            "length": 1271.0
        },
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/eclipse-milo/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5",
        "id": "CVE-2022-25897-920f70cc",
        "signature_type": "Function",
        "target": {
            "file": "opc-ua-sdk/sdk-server/src/main/java/org/eclipse/milo/opcua/sdk/server/subscriptions/SubscriptionManager.java",
            "function": "deleteMonitoredItems"
        },
        "digest": {
            "function_hash": "20560012745201503318175186358342876260",
            "length": 1159.0
        },
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/eclipse-milo/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5",
        "id": "CVE-2022-25897-9704ba7d",
        "signature_type": "Line",
        "target": {
            "file": "opc-ua-sdk/sdk-server/src/main/java/org/eclipse/milo/opcua/sdk/server/api/config/OpcUaServerConfigLimits.java"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "210529568894754525357292110621011064048",
                "121081970961472938976059385242084207992",
                "257966455753977440697433873244479377647"
            ]
        },
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/eclipse-milo/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5",
        "id": "CVE-2022-25897-d29ba86e",
        "signature_type": "Function",
        "target": {
            "file": "opc-ua-sdk/sdk-server/src/main/java/org/eclipse/milo/opcua/sdk/server/subscriptions/SubscriptionManager.java",
            "function": "addSubscription"
        },
        "digest": {
            "function_hash": "79018665145305112590604148843162405002",
            "length": 684.0
        },
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/eclipse-milo/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5",
        "id": "CVE-2022-25897-d8f14d90",
        "signature_type": "Function",
        "target": {
            "file": "opc-ua-sdk/sdk-server/src/main/java/org/eclipse/milo/opcua/sdk/server/subscriptions/SubscriptionManager.java",
            "function": "removeSubscription"
        },
        "digest": {
            "function_hash": "121090835184054834869297394555934363925",
            "length": 205.0
        },
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/eclipse-milo/milo/commit/4534381760d7d9f0bf00cbf6a8449bb0d13c6ce5",
        "id": "CVE-2022-25897-f6ee77d5",
        "signature_type": "Function",
        "target": {
            "file": "opc-ua-sdk/sdk-server/src/main/java/org/eclipse/milo/opcua/sdk/server/subscriptions/SubscriptionManager.java",
            "function": "sessionClosed"
        },
        "digest": {
            "function_hash": "266531716012542454283930813415063177609",
            "length": 790.0
        },
        "signature_version": "v1"
    }
]

Git / github.com/eclipse/milo

Affected ranges

Type
GIT
Repo
https://github.com/eclipse/milo
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Fixed

Affected versions

v0.*

v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.3.0
v0.3.0-M1
v0.3.1
v0.3.2
v0.3.3
v0.3.3-RC1
v0.3.3-RC2
v0.3.3-RC3
v0.3.4
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.4.1
v0.4.2
v0.4.2-M1
v0.4.3
v0.5.0
v0.5.0-M1
v0.5.0-M2
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.6.0
v0.6.0-M1
v0.6.1
v0.6.1-M1
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.6.6
v0.6.7