CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-25761 – Denial of Service (DoS)
https://notcve.org/view.php?id=CVE-2022-25761
The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk. El paquete open62541/open62541 versiones anteriores a 1.2.5, a partir de la 1.3-rc1 y anteriores a 1.3.1, son vulnerables a una Denegación de Servicio (DoS) debido a una falta de limitación del número de chunks recibidos - por sesión única o en total para todas las sesiones concurrentes. Un atacante puede explotar esta vulnerabilidad mediante el envío de un número ilimitado de chunks enormes (por ejemplo, 2GB cada uno) sin enviar el chunk de cierre Final. • https://github.com/open62541/open62541/commit/b79db1ac78146fc06b0b8435773d3967de2d659c https://github.com/open62541/open62541/pull/5173 https://github.com/open62541/open62541/releases/tag/v1.2.5 https://github.com/open62541/open62541/releases/tag/v1.3.1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JNUV4FDVDBQHCPMOOEVKLMQK5SLKPK2L https://security.snyk.io/vuln/SNYK-UNMANAGED-OPEN62541OPEN62541-2988719 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36429
https://notcve.org/view.php?id=CVE-2020-36429
Variant_encodeJson in open62541 1.x before 1.0.4 has an out-of-bounds write for a large recursion depth. Una función Variant_encodeJson en open62541 versiones 1.x anteriores a 1.0.4, presenta una escritura fuera de límites para una gran recursión depth • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20578 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/open62541/OSV-2020-153.yaml https://github.com/open62541/open62541/commit/c800e2987b10bb3af6ef644b515b5d6392f8861d https://github.com/open62541/open62541/compare/v1.0.3...v1.0.4 • CWE-787: Out-of-bounds Write •