Home > Vulnerability Database > CVE-2022-25903

Mend.io Vulnerability Database

CVE-2022-25903

Good to know:

Date: August 24, 2022

The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed.

Language: RUST

Severity Score

7.5

Related Resources (4)

Url: https://github.com/locka99/opcua/pull/216

Url: https://github.com/locka99/opcua/pull/216/commits/e75dada28a40c3fefc4aeee4cdc272e1b748f8dd

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-25903

Url: https://www.mend.io/vulnerability-database/CVE-2022-25903

Severity Score

7.5

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Top Fix

Upgrade Version

Upgrade to version opcua - 0.11.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-25903

Good to know:

Date: August 24, 2022

Language: RUST

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?