GHSA-hgxq-hcrm-c5pm

Source

https://github.com/advisories/GHSA-hgxq-hcrm-c5pm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-hgxq-hcrm-c5pm/GHSA-hgxq-hcrm-c5pm.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hgxq-hcrm-c5pm

Aliases

CVE-2022-25903

Published

2022-08-25T00:00:29Z

Modified

2023-11-08T04:08:51.580146Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

opcua Vulnerable to Out-of-bounds Write

Details

The package opcua from 0.0.0 until 0.11.0 is vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed.

Database specific

{
    "severity": "HIGH",
    "github_reviewed_at": "2022-09-01T22:23:05Z",
    "cwe_ids": [
        "CWE-787"
    ],
    "nvd_published_at": "2022-08-24T05:15:00Z",
    "github_reviewed": true
}

References

Affected packages

crates.io / opcua

Package

Name: opcua; View open source insights on deps.dev
Purl: pkg:cargo/opcua

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.11.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-hgxq-hcrm-c5pm/GHSA-hgxq-hcrm-c5pm.json"