CVE-2022-25903

HIGH

opcua < 0.11.0 - Denial of Service via ExtensionObjects and Variants Nesting

Title source: llm
STIX 2.1

Description

The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed.

References (3)

Core 3
Core References
Third Party Advisory x_refsource_misc
https://github.com/locka99/opcua/pull/216
Patch, Third Party Advisory x_refsource_misc
https://security.snyk.io/vuln/SNYK-RUST-OPCUA-2988750

Scores

CVSS v3 7.5
EPSS 0.0111
EPSS Percentile 62.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-787
Status published
Products (2)
crates.io/opcua 0 - 0.11.0crates.io
opcua_project/opcua 0.0.0
Published Aug 24, 2022
Tracked Since Feb 18, 2026