CVE-2022-29866

Name of the Vulnerable Software and Affected Versions OPC UA .NET Standard Stack version 1.04.368

Description The issue allows a remote attacker to exhaust the memory resources of a server via a crafted request that triggers Uncontrolled Resource Consumption. A malicious client can trigger a stack overflow exception in a server that exposes an HTTPS endpoint. This can lead to a denial-of-service condition.

Recommendations For version 1.04.368, consider restricting access to the server to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the TranslateBrowsePathsToNodeId function may help mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.