PT-2022-4450 · Opcua · Opcua

Sharon Brizinov +2 · Published 2022-08-23 · Updated 2022-08-25

CVE-2022-25888
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: opcua, all versions (0.0.0 and later)
Description: The issue is a Denial of Service (DoS) caused by a missing limit on the number of received chunks, both per session and in total across all concurrent sessions. An attacker can send an unlimited number of large chunks without ever sending the Final chunk that closes the message, so the server keeps buffering the partial message and consumes resources without bound. A remote, unauthenticated attacker can use this to disrupt the service.
Recommendations: For all affected versions (0.0.0 and later), enforce a limit on the number of received chunks per session and on the total across all concurrent sessions, so that partial messages cannot consume resources without bound. As a temporary workaround, restrict the size of chunks that will be accepted, or rate-limit incoming chunks, to reduce the risk of exploitation. Note that a per-chunk size cap alone only bounds the cost of each chunk; unless the number of buffered chunks is also bounded, an attacker can still exhaust memory with many small chunks that never complete a message.
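The following Rust chunk reassembler is an added example, not code from the opcua crate, showing the attack in the description and the three limits the recommendation asks for: a cap on chunks per message, a cap on reassembled bytes per message, and a shared budget across all sessions. The type and function names (`Session`, `Limits`, `receive`, `attack_without_final`), the limit values, and the header layout are assumptions for this example: the header is simplified from OPC UA Part 6 to a 3-byte message type, a chunk-type byte ('C' intermediate, 'F' final, 'A' abort) and a little-endian u32 chunk size, with the secure channel id and security headers omitted.

```rust
use std::sync::{Arc, Mutex};

#[derive(Debug, PartialEq)]
pub enum ChunkError { Malformed, TooManyChunks, MessageTooLarge, GlobalBudgetExceeded }

/// Server-side limits; the field names and values used here are assumptions.
#[derive(Clone, Copy)]
pub struct Limits {
    pub max_chunk_count: usize,    // chunks buffered for one message
    pub max_message_size: usize,   // bytes buffered for one message
    pub max_total_buffered: usize, // bytes buffered across all sessions
}

/// Reassembly state of one session (a stand-in for this example, not the
/// crate's type); `budget` counts bytes held in partial messages by all sessions.
pub struct Session {
    limits: Limits,
    budget: Arc<Mutex<usize>>,
    chunks: Vec<Vec<u8>>,
    buffered: usize,
}

impl Session {
    pub fn new(limits: Limits, budget: Arc<Mutex<usize>>) -> Self {
        Session { limits, budget, chunks: Vec::new(), buffered: 0 }
    }

    /// Accept one chunk with the simplified header: "MSG", chunk type byte, u32 LE
    /// size covering the whole chunk. Returns Ok(Some(msg)) once a Final chunk
    /// completes the message; any rejection drops the partial message and
    /// releases the bytes it held in the shared budget.
    pub fn receive(&mut self, chunk: &[u8]) -> Result<Option<Vec<u8>>, ChunkError> {
        if chunk.len() < 8 || &chunk[..3] != b"MSG"
            || u32::from_le_bytes([chunk[4], chunk[5], chunk[6], chunk[7]]) as usize != chunk.len() {
            return Err(ChunkError::Malformed);
        }
        let (kind, body) = (chunk[3], &chunk[8..]);
        if kind == b'A' { self.reset(); return Ok(None); }
        if kind != b'C' && kind != b'F' { return Err(ChunkError::Malformed); }
        // Limit 1: chunks per message. Without it intermediate chunks can arrive forever.
        if self.chunks.len() >= self.limits.max_chunk_count {
            self.reset();
            return Err(ChunkError::TooManyChunks);
        }
        // Limit 2: reassembled bytes per message.
        if self.buffered + body.len() > self.limits.max_message_size {
            self.reset();
            return Err(ChunkError::MessageTooLarge);
        }
        // Limit 3: bytes held across all sessions, so many sessions each under
        // their own caps still cannot exhaust the host together.
        let over_budget = {
            let mut used = self.budget.lock().unwrap();
            if *used + body.len() > self.limits.max_total_buffered { true } else { *used += body.len(); false }
        };
        if over_budget {
            self.reset();
            return Err(ChunkError::GlobalBudgetExceeded);
        }
        self.buffered += body.len();
        self.chunks.push(body.to_vec());
        if kind != b'F' { return Ok(None); }
        let msg = self.chunks.concat();
        self.reset();
        Ok(Some(msg))
    }

    fn reset(&mut self) {
        *self.budget.lock().unwrap() -= self.buffered;
        self.buffered = 0;
        self.chunks.clear();
    }
}

/// Build a chunk of the given type around `body` (constructed input).
pub fn make_chunk(kind: u8, body: &[u8]) -> Vec<u8> {
    let mut c = b"MSG".to_vec();
    c.push(kind);
    c.extend_from_slice(&((8 + body.len()) as u32).to_le_bytes());
    c.extend_from_slice(body);
    c
}

/// The advisory's attack against one session: `n` intermediate chunks of
/// `body_len` bytes and never a Final chunk. Returns how many chunks were
/// accepted and why the next one was refused (None if all were accepted).
pub fn attack_without_final(limits: Limits, n: usize, body_len: usize) -> (usize, Option<ChunkError>) {
    let mut s = Session::new(limits, Arc::new(Mutex::new(0)));
    let chunk = make_chunk(b'C', &vec![0x41u8; body_len]);
    for i in 0..n {
        if let Err(e) = s.receive(&chunk) { return (i, Some(e)); }
    }
    (n, None)
}

fn main() {
    let unlimited = Limits { max_chunk_count: usize::MAX, max_message_size: usize::MAX, max_total_buffered: usize::MAX };
    let capped = Limits { max_chunk_count: 4, max_message_size: 1024, max_total_buffered: 2048 };
    println!("no limits:   {:?}", attack_without_final(unlimited, 100_000, 100));
    println!("with limits: {:?}", attack_without_final(capped, 100_000, 100));
}
```

With `unlimited`, every chunk of the unterminated message is accepted and buffered, which is the behaviour the advisory describes; with `capped`, the fifth intermediate chunk is refused and the partial message is discarded. The shared budget is what makes the "in total for all concurrent sessions" part of the recommendation hold: a rejection in any session returns the bytes that session was holding, so a single misbehaving client cannot pin the budget.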

Fix

Weakness Enumeration

Resource Exhaustion
Allocation of Resources Without Limits

Related Identifiers

BDU:2022-05315
CVE-2022-25888
GHSA-8MX2-GQX9-RM7F

Affected Products

Opcua