How severe is CVE-2020-27217?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2020-27217?

This is classified as CWE-1284, which is a common weakness in software security.

CVE-2020-27217 - HIGH Severity | CVSS 7.5

Vulnerability Description

In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. In particular, a device may send messages that are bigger than the max-message-size that the protocol adapter has indicated during link establishment. While the AMQP 1.0 protocol explicitly disallows a peer to send such messages, a hand crafted AMQP 1.0 client could exploit this behavior in order to send a message of unlimited size to the adapter, eventually causing the adapter to fail with an out of memory exception.

Related Vulnerabilities

CVE-2021-44693

HIGH

CVSS:7.5(High)

Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.

CWE-12842021

CVE-2021-45462

HIGH

CVSS:7.5(High)

In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF.

CWE-12842021

CVE-2021-46893

HIGH

CVSS:7.5(High)

Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vulnerability may affect integrity.

CWE-12842021

CVE-2022-0214

HIGH

CVSS:7.5(High)

The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a...

CWE-12842022

CVE-2022-1174

HIGH

CVSS:7.5(High)

A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attack...

CWE-12842022

CVE-2022-20445

HIGH

CVSS:7.5(High)

In process_service_search_rsp of sdp_discovery.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional executio...

CWE-12842022