Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1oZ3hxLWhjcm0tYzVwbc4AAubl

opcua Vulnerable to Out-of-bounds Write

The package opcua from 0.0.0 until 0.11.0 is vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed.

Permalink: https://github.com/advisories/GHSA-hgxq-hcrm-c5pm
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oZ3hxLWhjcm0tYzVwbc4AAubl
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: about 1 year ago


CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-hgxq-hcrm-c5pm, CVE-2022-25903
References: Repository: https://github.com/locka99/opcua

Affected Packages

cargo:opcua
Dependent packages: 1
Dependent repositories: 4
Downloads: 16,970 total
Affected Version Ranges: < 0.11.0
Fixed in: 0.11.0
All affected versions: 0.10.0
All unaffected versions: 0.11.0, 0.12.0