Vulnerabilities > CVE-2022-25302 - Unspecified vulnerability in OPC UA Stack Project OPC UA Stack
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing handler for failed casting when unvalidated data is forwarded to boost::get function in OpcUaNodeIdBase.h. Exploiting this vulnerability is possible when sending a specifically crafted OPC UA message with a special encoded NodeId.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |