{
  "threat_severity" : "Moderate",
  "public_date" : "2022-09-08T00:00:00Z",
  "bugzilla" : {
    "description" : "sdk-server: Denial of Service",
    "id" : "2136188",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2136188"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-770",
  "details" : [ "Versions of the package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to Denial of Service (DoS) because the limitations on excessive memory consumption can be bypassed by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.", "A flaw was found in the Eclipse Milo SDK Server. By sending specific requests, an attacker can consume the application's memory, leading to a denial of service." ],
  "affected_release" : [ {
    "product_name" : "RHINT Camel-Springboot 3.18.3",
    "release_date" : "2022-12-08T00:00:00Z",
    "advisory" : "RHSA-2022:8902",
    "cpe" : "cpe:/a:redhat:camel_spring_boot:3.18.3",
    "package" : "org.eclipse.milo-sdk-server"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Fuse 7",
    "fix_state" : "Will not fix",
    "package_name" : "org.eclipse.milo-sdk-serve",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7"
  }, {
    "product_name" : "Red Hat Integration Camel K 1",
    "fix_state" : "Not affected",
    "package_name" : "org.eclipse.milo-sdk-server",
    "cpe" : "cpe:/a:redhat:integration:1"
  }, {
    "product_name" : "Red Hat Integration Camel Quarkus 1",
    "fix_state" : "Not affected",
    "package_name" : "org.eclipse.milo-sdk-server",
    "cpe" : "cpe:/a:redhat:camel_quarkus:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-25897\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-25897" ],
  "name" : "CVE-2022-25897",
  "csaw" : false
}