CVE-2022-25903 – opcua
Package
Manager: cargo
Name: opcua
Vulnerable Version: >=0 <0.11.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00583 (percentile 0.68013)
Details
opcua Vulnerable to Out-of-bounds Write
The package opcua from 0.0.0 until 0.11.0 is vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects: it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed.
Metadata
Created: 2022-08-25T00:00:29Z
Modified: 2022-09-01T22:23:05Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-hgxq-hcrm-c5pm/GHSA-hgxq-hcrm-c5pm.json
CWE IDs: ["CWE-787"]
Alternative ID: GHSA-hgxq-hcrm-c5pm
Finding: F111
Auto approve: 1