CVE-2022-25761

2022-08-2305:15:08

CWE-770

[email protected]

web.nvd.nist.gov

open62541

dos vulnerability

1.3.1

security issue

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

71.2%

JSON

The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.

Affected configurations

Nvd

Node

open62541open62541Range<1.2.5

open62541open62541Match1.3rc1

open62541open62541Match1.3rc2

open62541open62541Match1.3rc2-ef

open62541open62541Match1.3rc2-ef2

Node

fedoraprojectfedoraMatch37

VendorProductVersionCPE
open62541open62541*cpe:2.3:a:open62541:open62541:*:*:*:*:*:*:*:*
open62541open625411.3cpe:2.3:a:open62541:open62541:1.3:rc1:*:*:*:*:*:*
open62541open625411.3cpe:2.3:a:open62541:open62541:1.3:rc2:*:*:*:*:*:*
open62541open625411.3cpe:2.3:a:open62541:open62541:1.3:rc2-ef:*:*:*:*:*:*
open62541open625411.3cpe:2.3:a:open62541:open62541:1.3:rc2-ef2:*:*:*:*:*:*
fedoraprojectfedora37cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
open62541	open62541	*	cpe:2.3:a:open62541:open62541::::::::
open62541	open62541	1.3	cpe:2.3:a:open62541:open62541:1.3:rc1::::::
open62541	open62541	1.3	cpe:2.3:a:open62541:open62541:1.3:rc2::::::
open62541	open62541	1.3	cpe:2.3:a:open62541:open62541:1.3:rc2-ef::::::
open62541	open62541	1.3	cpe:2.3:a:open62541:open62541:1.3:rc2-ef2::::::
fedoraproject	fedora	37	cpe:2.3:o:fedoraproject:fedora:37:::::::*