CVE-2020-28466Uncontrolled Resource Consumption in Nats-io Nats-server Server

CWE-400Uncontrolled Resource Consumption5 documents4 sources
Severity
7.5HIGHNVD
EPSS
8.4%
top 7.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Github.com Nats-io Nats-server ServerGithub.com Nats-io Nats-serverGithub.com Nats-io Nats-server V2+2 more
Timeline
PublishedMar 7
Latest updateAug 21

Description

This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightened risk. Any remote execution flaw or equivalent seriousness, or denial-of-service by unauthenticated users, will lead to prompt releases by the NATS maintainers. Fixes for denial of service issues with n

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

CVEListV5github.com/nats-io_nats-server_server< unspecified
NVDlinuxfoundation/nats-server2.0.02.2.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
OSV
Denial of service in github.com/nats-io/nats-server/server in github.com/nats-io/nats-server2024-08-21
GHSA
Denial of service in github.com/nats-io/nats-server/server2022-02-15
OSV
Denial of service in github.com/nats-io/nats-server/server2022-02-15

📋Vendor Advisories

1
Debian
CVE-2020-28466: nats-server - This affects all versions of package github.com/nats-io/nats-server/server. Untr...2020