Open62541
Monthly
Null pointer dereference in open62541's client library (versions up to 1.5.5) allows a remote OPC UA server to crash a connecting client by returning a malformed Server_NamespaceArray during session establishment, causing denial of service. The flaw is client-side only - server deployments are unaffected - and exploitation requires the attacker to control or impersonate a server the vulnerable client connects to, making practical exploitation high-complexity. A proof-of-concept exists as a GitHub issue report; no public exploit is confirmed as weaponized and the vulnerability is not listed in CISA KEV.
Uncontrolled memory consumption in open62541's OPC UA Discovery Service allows a remote, unauthenticated attacker to crash or degrade servers by abusing the GetEndpoints request handling. Because the endpointUrl field length is never validated, an attacker can advertise a string up to ~4.09 GB and stream it across incomplete message chunks that the server buffers in RAM indefinitely until the SecureChannel times out, exhausting available memory. The flaw is pre-session and works against any encryption configuration; no public exploit is identified at time of analysis, and it is not listed in CISA KEV.
Remote memory exhaustion in open62541's FindServers Discovery Service lets an unauthenticated attacker crash or degrade OPC UA servers built on versions 1.4.0-1.4.16, 1.5.0-1.5.4, and master. Because the serverUris field of a FindServersRequest is never validated for length or array size, an attacker can declare a string of up to ~3.9 GB and stream it across chunks while withholding the final chunk, forcing the server to buffer everything in RAM until the SecureChannel times out. The attack is pre-session, requires no authentication, and bypasses all encryption configuration; no public exploit identified at time of analysis.
The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.
Null pointer dereference in open62541's client library (versions up to 1.5.5) allows a remote OPC UA server to crash a connecting client by returning a malformed Server_NamespaceArray during session establishment, causing denial of service. The flaw is client-side only - server deployments are unaffected - and exploitation requires the attacker to control or impersonate a server the vulnerable client connects to, making practical exploitation high-complexity. A proof-of-concept exists as a GitHub issue report; no public exploit is confirmed as weaponized and the vulnerability is not listed in CISA KEV.
Uncontrolled memory consumption in open62541's OPC UA Discovery Service allows a remote, unauthenticated attacker to crash or degrade servers by abusing the GetEndpoints request handling. Because the endpointUrl field length is never validated, an attacker can advertise a string up to ~4.09 GB and stream it across incomplete message chunks that the server buffers in RAM indefinitely until the SecureChannel times out, exhausting available memory. The flaw is pre-session and works against any encryption configuration; no public exploit is identified at time of analysis, and it is not listed in CISA KEV.
Remote memory exhaustion in open62541's FindServers Discovery Service lets an unauthenticated attacker crash or degrade OPC UA servers built on versions 1.4.0-1.4.16, 1.5.0-1.5.4, and master. Because the serverUris field of a FindServersRequest is never validated for length or array size, an attacker can declare a string of up to ~3.9 GB and stream it across chunks while withholding the final chunk, forcing the server to buffer everything in RAM until the SecureChannel times out. The attack is pre-session, requires no authentication, and bypasses all encryption configuration; no public exploit identified at time of analysis.
The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.