Skip to content

Memory Allocation with Excessive Size Value in OPCFoundation.NetStandard.Opc.Ua.Core

High
opcfoundation-org published GHSA-r7pq-3x6p-7jcm Jun 15, 2022

Package

nuget OPCFoundation.NetStandard.Opc.Ua.Core (NuGet)

Affected versions

<= 1.4.368.53

Patched versions

>= 1.4.368.58

Description

https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29863.pdf

Severity

High

CVE ID

CVE-2022-29863

Weaknesses

Memory Allocation with Excessive Size Value

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. Learn more on MITRE.