PT-2021-11358 · Unknown · Opc Ua Tunneller
Published
2021-01-26
·
Updated
2021-02-03
·
CVE-2020-27274
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
OPC UA Tunneller versions prior to 6.3.0.8233
Description:
The issue arises from some parsing functions in the affected product not checking the return value of
malloc, which can force the thread handling the message to close. This may lead to a denial-of-service condition.Recommendations:
For versions prior to 6.3.0.8233, update to version 6.3.0.8233 or later to resolve the issue. As a temporary workaround, consider implementing additional error checking for
malloc return values to prevent thread closure.Fix
Improper Check for Exceptional Conditions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Opc Ua Tunneller