PT-2022-19886 · Unknown · Opc Ua .Net Standard Stack

Published: 2022-06-16 · Updated: 2022-06-27 · CVE-2022-29864

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

OPC UA .NET Standard Stack version 1.04.368

Description

The issue allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption, potentially leading to a denial-of-service. This can be achieved by sending a large number of message chunks, causing the server to trigger an out of memory exception.

Recommendations

For OPC UA .NET Standard Stack version 1.04.368, consider implementing measures to limit the number of messages that can be sent to the server within a certain timeframe to prevent Uncontrolled Resource Consumption. As a temporary workaround, consider restricting access to the server or implementing rate limiting on incoming messages until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
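The limiting measure recommended above, sketched as an added example (not code from the OPC UA .NET Standard Stack or from this advisory): a chunk reassembler that enforces a per-request chunk and byte budget before buffering anything. It assumes unencrypted `MSG` chunks with the 24-byte OPC UA binary header; the limit values, class and function names are constructed for illustration.

```python
import struct

# Constructed limits for this example; not values from the stack or the advisory.
MAX_CHUNKS = 4          # chunks allowed per request before a final chunk arrives
MAX_MESSAGE_BYTES = 64  # total reassembled body bytes allowed per request
HEADER_LEN = 24         # type(3) isFinal(1) size(4) channel(4) token(4) seq(4) request(4)


class ChunkLimitExceeded(Exception):
    """Raised when a peer exceeds the per-request chunk or byte budget."""


class ChunkReassembler:
    """Reassembles MSG chunks per (channel, request) under fixed budgets."""

    def __init__(self, max_chunks=MAX_CHUNKS, max_bytes=MAX_MESSAGE_BYTES):
        self.max_chunks, self.max_bytes = max_chunks, max_bytes
        self.pending = {}  # (channel_id, request_id) -> [chunk_count, bytearray]

    def feed(self, chunk: bytes):
        """Return the full body on a final chunk, else None."""
        if len(chunk) < HEADER_LEN or chunk[:3] != b"MSG":
            raise ValueError("not an OPC UA MSG chunk")
        size, channel = struct.unpack_from("<II", chunk, 4)
        request = struct.unpack_from("<I", chunk, 20)[0]
        if size != len(chunk):
            raise ValueError("declared MessageSize does not match chunk length")
        key, kind = (channel, request), chunk[3:4]
        if kind == b"A":                      # abort: discard buffered state
            self.pending.pop(key, None)
            return None
        if kind not in (b"C", b"F"):
            raise ValueError("unknown chunk type")
        state = self.pending.setdefault(key, [0, bytearray()])
        state[0] += 1
        # Check the budget BEFORE buffering so memory use stays bounded.
        if state[0] > self.max_chunks or len(state[1]) + size - HEADER_LEN > self.max_bytes:
            del self.pending[key]             # free what was buffered
            raise ChunkLimitExceeded(f"channel {channel} request {request}")
        state[1] += chunk[HEADER_LEN:]
        if kind == b"F":
            return bytes(self.pending.pop(key)[1])
        return None


def make_chunk(kind: bytes, channel: int, request: int, body: bytes) -> bytes:
    """Build a constructed, unencrypted sample chunk for the demo."""
    return b"MSG" + kind + struct.pack("<IIIII", HEADER_LEN + len(body), channel, 1, 1, request) + body
```

Only the per-request budget is shown; a limiter placed in front of a real server would also cap the number of concurrently pending requests per channel and close the connection when a budget is exceeded.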

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2022-29864
GHSA-VHFW-V69P-CRCW
ZDI-22-854

Affected Products

Opc Ua .Net Standard Stack