Vulnerabilities > CVE-2022-25302 - Unspecified vulnerability in OPC UA Stack Project OPC UA Stack

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

opc-ua-stack-project

NVD

Published: 2022-08-23

Updated: 2023-08-08

Summary

All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing handler for failed casting when unvalidated data is forwarded to boost::get function in OpcUaNodeIdBase.h. Exploiting this vulnerability is possible when sending a specifically crafted OPC UA message with a special encoded NodeId.

Vulnerable Configurations

Part	Description	Count
Application	Opc_Ua_Stack_Project OPC UA Stack Project OPC UA Stack *	1

References

https://security.snyk.io/vuln/SNYK-UNMANAGED-ASNEGOPCUASTACK-2988732