GHSA-r7pq-3x6p-7jcm

Source

https://github.com/advisories/GHSA-r7pq-3x6p-7jcm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-r7pq-3x6p-7jcm/GHSA-r7pq-3x6p-7jcm.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-r7pq-3x6p-7jcm

Aliases

CVE-2022-29863

Published

2022-06-17T21:45:15Z

Modified

2023-11-08T04:09:15.055051Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Memory Allocation with Excessive Size Value in OPCFoundation.NetStandard.Opc.Ua.Core

Details

A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to cause a server to trigger an out of memory exception with a carefully crafted message.

Database specific

{
    "nvd_published_at": "2022-06-16T18:15:00Z",
    "github_reviewed_at": "2022-06-17T21:45:15Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-789"
    ]
}

References

Affected packages

NuGet / OPCFoundation.NetStandard.Opc.Ua.Core

Package

Name: OPCFoundation.NetStandard.Opc.Ua.Core; View open source insights on deps.dev
Purl: pkg:nuget/OPCFoundation.NetStandard.Opc.Ua.Core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.368.58

Affected versions

0.*

0.0.3

0.0.6

0.0.7

0.0.8

0.0.9

0.1.0

0.1.1

0.1.2

0.1.3

0.1.5

0.1.6

0.1.7

0.1.8

0.1.9

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

1.*

1.4.363.104-preview

1.4.363.107

1.4.364.40

1.4.365-gfc341ee8c5

1.4.365.1-preview

1.4.365.2

1.4.365.10

1.4.365.23

1.4.365.48

1.4.366.31-preview

1.4.366.38

1.4.367.39

1.4.367.41

1.4.367.42

1.4.367.64-preview

1.4.367.75

1.4.367.95

1.4.367.100

1.4.368.27-preview

1.4.368.33

1.4.368.52-preview

1.4.368.53

Database specific

{
    "last_known_affected_version_range": "<= 1.4.368.53"
}