PT-2022-17596 · Opcua · Opcua

Sharon Brizinov +2 · Published 2022-08-24 · Updated 2022-08-26 · CVE-2022-25903

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

opcua versions 0.0.0 through 0.11.0

Description

The issue allows for Denial of Service (DoS) via the ExtensionObjects and Variants objects. This occurs because the package allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed.

Recommendations

For versions 0.0.0 through 0.11.0, consider disabling the use of ExtensionObjects and Variants objects until a patch is available to prevent unlimited nesting levels and potential stack overflows. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
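
A depth-bounded recursive decoder of the kind the recommendation refers to, as an added Rust example that is not the opcua package's code or its fix. It uses a simplified tag-based encoding rather than the OPC UA binary format, and `MAX_DEPTH` (assumed limit of 64), `Value`, `DecodeError`, `decode` and `nested` are hypothetical names.

```rust
// Added example: a simplified tag-based encoding, NOT the OPC UA binary wire format.
// MAX_DEPTH, Value, DecodeError, decode and nested are hypothetical names.
const MAX_DEPTH: usize = 64;

#[derive(Debug, PartialEq)]
enum Value { Int(i32), Array(Vec<Value>) }

#[derive(Debug, PartialEq)]
enum DecodeError { Truncated, UnknownTag(u8), TooDeep }

// Decode one value at `*pos`; `depth` is the number of enclosing containers.
fn decode_at(buf: &[u8], pos: &mut usize, depth: usize) -> Result<Value, DecodeError> {
    // Reject before recursing: stack use is bounded by MAX_DEPTH, not by the input.
    if depth > MAX_DEPTH { return Err(DecodeError::TooDeep); }
    let tag = *buf.get(*pos).ok_or(DecodeError::Truncated)?;
    *pos += 1;
    match tag {
        0x00 => { // scalar: 4-byte little-endian i32
            let b = buf.get(*pos..*pos + 4).ok_or(DecodeError::Truncated)?;
            *pos += 4;
            Ok(Value::Int(i32::from_le_bytes([b[0], b[1], b[2], b[3]])))
        }
        0x01 => { // container: 1-byte element count, then that many values
            let count = *buf.get(*pos).ok_or(DecodeError::Truncated)? as usize;
            *pos += 1;
            let mut items = Vec::with_capacity(count);
            for _ in 0..count {
                items.push(decode_at(buf, pos, depth + 1)?);
            }
            Ok(Value::Array(items))
        }
        other => Err(DecodeError::UnknownTag(other)),
    }
}

fn decode(buf: &[u8]) -> Result<Value, DecodeError> {
    decode_at(buf, &mut 0, 0)
}

// Constructed sample: `levels` single-element containers wrapped around one scalar.
fn nested(levels: usize) -> Vec<u8> {
    let mut buf = [0x01u8, 0x01].repeat(levels);
    buf.extend_from_slice(&[0x00, 7, 0, 0, 0]);
    buf
}

fn main() {
    println!("{:?}", decode(&nested(10_000))); // Err(TooDeep)
}
```

The constructed 10,000-level input is only about 20 KB, so a message-size limit alone would accept it; the depth counter is what returns an error instead of recursing further.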

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2022-25903
GHSA-HGXQ-HCRM-C5PM

Affected Products

Opcua