CVE-2022-25903

Опубликовано: 24 авг. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed.

Ссылки

https://github.com/locka99/opcua/pull/216
Third Party Advisory
https://github.com/locka99/opcua/pull/216/commits/e75dada28a40c3fefc4aeee4cdc272e1b748f8dd
Patch
Third Party Advisory
https://security.snyk.io/vuln/SNYK-RUST-OPCUA-2988750
Patch
Third Party Advisory
https://github.com/locka99/opcua/pull/216
Third Party Advisory
https://github.com/locka99/opcua/pull/216/commits/e75dada28a40c3fefc4aeee4cdc272e1b748f8dd
Patch
Third Party Advisory
https://security.snyk.io/vuln/SNYK-RUST-OPCUA-2988750
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opcua_project:opcua:*:*:*:*:*:rust:*:*

Версия от 0.0.0 (включая)

EPSS

Процентиль: 68%

0.00579

Низкий

7.5 High

CVSS3

Дефекты

CWE-787

Связанные уязвимости

GHSA-hgxq-hcrm-c5pm