{"id":"UBUNTU-CVE-2023-26151","details":"Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory.","modified":"2025-10-24T05:01:50Z","published":"2023-10-03T05:15:00Z","upstream":["CVE-2023-26151"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-26151"},{"type":"REPORT","url":"https://gist.github.com/artfire52/1540b234350795e0ecb4d672608dbec8"},{"type":"REPORT","url":"https://github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96"},{"type":"REPORT","url":"https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673709"},{"type":"REPORT","url":"https://github.com/FreeOpcUa/opcua-asyncio/issues/1013"},{"type":"REPORT","url":"https://github.com/FreeOpcUa/opcua-asyncio/pull/1039"},{"type":"REPORT","url":"https://github.com/FreeOpcUa/opcua-asyncio/commit/f6603daa34a93a658f0e176cb0b9ee5a6643b262"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2023-26151"}],"affected":[{"package":{"name":"python-opcua","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/python-opcua@0.90.3-1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.90.3-1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.90.3-1","binary_name":"python-opcua"},{"binary_version":"0.90.3-1","binary_name":"python-opcua-tools"},{"binary_version":"0.90.3-1","binary_name":"python3-opcua"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-26151.json"}},{"package":{"name":"python-opcua","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/python-opcua@0.98.9-1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.98.6-3","0.98.6-3ubuntu1","0.98.9-1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.98.9-1","binary_name":"python-opcua-tools"},{"binary_version":"0.98.9-1","binary_name":"python3-opcua"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-26151.json"}},{"package":{"name":"python-opcua","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/python-opcua@0.98.11-1ubuntu1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.98.11-1","0.98.11-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.98.11-1ubuntu1","binary_name":"python-opcua-tools"},{"binary_version":"0.98.11-1ubuntu1","binary_name":"python3-opcua"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-26151.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}