CVE-2022-25761

Source
https://cve.org/CVERecord?id=CVE-2022-25761
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25761.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-25761
Published
2022-08-23T05:15:08.047Z
Modified
2026-04-11T22:01:33.838173Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

The package open62541/open62541 before 1.2.5, and from 1.3-rc1 and before 1.3.1, is vulnerable to Denial of Service (DoS) due to a missing limit on the number of received chunks, either per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.

Affected packages

Git / github.com/open62541/open62541

Affected ranges

Type
GIT
Repo
https://github.com/open62541/open62541
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.2.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3-rc2\\-ef"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3-rc2\\-ef2"
        }
    ]
}

Affected versions

Other
basic256sha256
v0.*
v0.0.0-150309
v0.1-automation14
v0.1.0-RC1
v0.1.0-RC4
v0.2.0-RC1
v1.*
v1.0-dev
v1.0-rc3
v1.1
v1.1-dev
v1.1-rc1
v1.2
v1.2-rc1
v1.2-rc2
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.3
v1.3-rc1
v1.3-rc2
v1.3-rc2-ef
v1.3-rc2-ef2

Database specific

unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "37"
            }
        ]
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25761.json"
vanir_signatures_modified
"2026-04-11T22:01:33Z"
vanir_signatures
[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2022-25761-53f0a256",
        "signature_version": "v1",
        "source": "https://github.com/open62541/open62541/commit/b79db1ac78146fc06b0b8435773d3967de2d659c",
        "target": {
            "file": "plugins/ua_config_default.c"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "267721890317018078205118307966938148501",
                "144881763123780553754012535866959630326",
                "197972625727028604822001996232427396303",
                "160973447823174764494251048854372756890"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2022-25761-d9d0226a",
        "signature_version": "v1",
        "source": "https://github.com/open62541/open62541/commit/b79db1ac78146fc06b0b8435773d3967de2d659c",
        "target": {
            "file": "tests/check_securechannel.c"
        }
    },
    {
        "digest": {
            "length": 440.0,
            "function_hash": "312092077054747693308544122124291877905"
        },
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2022-25761-e47d7b2a",
        "signature_version": "v1",
        "source": "https://github.com/open62541/open62541/commit/b79db1ac78146fc06b0b8435773d3967de2d659c",
        "target": {
            "function": "setup_secureChannel",
            "file": "tests/check_securechannel.c"
        }
    }
]