PT-2022-19885 · Unknown · Opc Ua .Net Standard Stack

Published

2022-06-16

Updated

2022-06-27

CVE-2022-29863

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions OPC UA .NET Standard Stack version 1.04.368

Description A remote attacker can cause a crash via a crafted message that triggers excessive memory allocation, leading to an out of memory exception. This issue allows a malicious client to exploit the server with a carefully crafted message.

Recommendations For OPC UA .NET Standard Stack version 1.04.368, consider implementing input validation to prevent excessive memory allocation from crafted messages as a temporary workaround until a patch is available. Restrict access to the server to minimize the risk of exploitation.

Fix

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-789CWE-770

Related Identifiers

CVE-2022-29863

GHSA-R7PQ-3X6P-7JCM

Affected Products

Opc Ua .Net Standard Stack

PT-2022-19885 · Unknown · Opc Ua .Net Standard Stack

CVE-2022-29863

Weakness Enumeration

Related Identifiers

Affected Products

References · 8