PT-2022-17497 · Open62541 · Open62541

Sharon Brizinov +2 · Published 2022-08-23 · Updated 2023-02-28 · CVE-2022-25761

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

open62541/open62541 versions 1.2.0 through 1.2.4
open62541/open62541 versions 1.3-rc1 through 1.3.0

Description

The issue is related to a Denial of Service (DoS) due to a missing limitation on the number of received chunks per single session or in total for all concurrent sessions. An attacker can exploit this by sending an unlimited number of huge chunks without sending the Final closing chunk.

Recommendations

For versions 1.2.0 through 1.2.4, update to version 1.2.5 or later.
For versions 1.3-rc1 through 1.3.0, update to version 1.3.1 or later.
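
The missing control named in the description is a cap on buffered chunks, per session and in total. As an added example (not open62541's code or its actual fix), this C sketch of chunk reassembly enforces both caps before allocating; all names and limit values are hypothetical, and the 'C'/'F'/'A' type bytes follow the OPC UA chunk header.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical limits; not open62541's configuration names or defaults. */
#define MAX_CHUNKS_PER_MSG 16u
#define MAX_MSG_BYTES      (64u * 1024u)   /* one partial message */
#define MAX_TOTAL_BYTES    (256u * 1024u)  /* all channels together */

typedef enum { CHUNK_OK, MSG_COMPLETE, ERR_LIMIT, ERR_TYPE, ERR_NOMEM } chunk_rc;
typedef struct { uint8_t *buf; size_t len; unsigned chunks; } channel;
static size_t total_buffered; /* bytes currently held for all channels */

/* Drop a channel's partial message and return its bytes to the global budget. */
void channel_reset(channel *ch) {
    total_buffered -= ch->len;
    free(ch->buf);
    ch->buf = NULL; ch->len = 0; ch->chunks = 0;
}

/* type: 'C' = intermediate chunk, 'F' = final chunk, 'A' = abort. */
chunk_rc channel_recv_chunk(channel *ch, char type, const uint8_t *body, size_t n) {
    if (type == 'A') { channel_reset(ch); return CHUNK_OK; }
    if (type != 'C' && type != 'F') return ERR_TYPE;
    /* Check every limit before allocating; subtract instead of add to avoid overflow. */
    if (ch->chunks >= MAX_CHUNKS_PER_MSG ||
        n > MAX_MSG_BYTES - ch->len ||
        n > MAX_TOTAL_BYTES - total_buffered) {
        channel_reset(ch);
        return ERR_LIMIT; /* caller should close the channel */
    }
    if (n > 0) {
        uint8_t *p = realloc(ch->buf, ch->len + n);
        if (!p) { channel_reset(ch); return ERR_NOMEM; }
        memcpy(p + ch->len, body, n);
        ch->buf = p;
    }
    ch->len += n; ch->chunks++; total_buffered += n;
    return type == 'F' ? MSG_COMPLETE : CHUNK_OK; /* caller resets after processing */
}

int main(void) {
    static uint8_t body[8192]; /* constructed chunk body */
    channel ch = {0};
    chunk_rc rc; unsigned sent = 0;
    do { rc = channel_recv_chunk(&ch, 'C', body, sizeof body); sent++; } while (rc == CHUNK_OK);
    printf("rejected chunk %u, rc=%d, buffered=%zu\n", sent, (int)rc, total_buffered);
    return rc == ERR_LIMIT ? 0 : 1;
}
```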

Fix

Weakness Enumeration: Allocation of Resources Without Limits

Related Identifiers: CVE-2022-25761

Affected Products: Open62541