CVE-2022-25903

HIGH7.5EPSS 0.61%

opcua Vulnerable to Out-of-bounds Write

Published: 8/25/2022Modified: 11/8/2023

Description

The package opcua from 0.0.0 until 0.11.0 is vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed.

Affected packages (1)

crates.io/opcuafrom 0, < 0.11.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-25903
PATCHhttps://github.com/locka99/opcua
WEBhttps://github.com/locka99/opcua/pull/216
WEBhttps://github.com/locka99/opcua/pull/216/commits/e75dada28a40c3fefc4aeee4cdc272e1b748f8dd
WEBhttps://security.snyk.io/vuln/SNYK-RUST-OPCUA-2988750