CVE-2022-25903

HIGH7.5EPSS 0.61%

opcua Vulnerable to Out-of-bounds Write

發布日:2022/8/25修改日:2023/11/8

描述

The package opcua from 0.0.0 until 0.11.0 is vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed.

受影響套件(1)

crates.io/opcuafrom 0, < 0.11.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-25903
PATCHhttps://github.com/locka99/opcua
WEBhttps://github.com/locka99/opcua/pull/216
WEBhttps://github.com/locka99/opcua/pull/216/commits/e75dada28a40c3fefc4aeee4cdc272e1b748f8dd
WEBhttps://security.snyk.io/vuln/SNYK-RUST-OPCUA-2988750