Auto-merge PR#6989

2025-06-12 02:05:39 +00:00 · 2022-08-23 01:10:54 -04:00 · 2022-08-23 01:10:54 -04:00 · 37c8af5d1b
commit 37c8af5d1b
parent e4d462a0ca 8ee6e66e18
1 changed files with 80 additions and 4 deletions
--- a/2022/24xxx/CVE-2022-24381.json
+++ b/2022/24xxx/CVE-2022-24381.json
@ -3,16 +3,92 @@
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "report@snyk.io",
+        "DATE_PUBLIC": "2022-08-23T05:00:10.686452Z",
        "ID": "CVE-2022-24381",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Denial of Service (DoS)"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "ASNeG/OpcUaStack",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": ">=",
+                                            "version_value": "0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Denial of Service (DoS)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "url": "https://security.snyk.io/vuln/SNYK-UNMANAGED-ASNEGOPCUASTACK-2988735"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions.\r\n\r\nAn attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.\n"
            }
        ]
-    }
+    },
+    "impact": {
+        "cvss": {
+            "version": "3.1",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P",
+            "baseScore": 7.5,
+            "baseSeverity": "HIGH",
+            "attackVector": "NETWORK",
+            "attackComplexity": "LOW",
+            "privilegesRequired": "NONE",
+            "userInteraction": "NONE",
+            "scope": "UNCHANGED",
+            "confidentialityImpact": "NONE",
+            "integrityImpact": "NONE",
+            "availabilityImpact": "HIGH"
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "Vera Mens"
+        },
+        {
+            "lang": "eng",
+            "value": "Uri Katz"
+        },
+        {
+            "lang": "eng",
+            "value": "Sharon Brizinov of Team82 (Claroty Research)"
+        }
+    ]
 }