Headline
CVE-2022-25761: fix(plugin): Add default limits for chunks and message size by jpfr · Pull Request #5173 · open62541/open62541
The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions.
An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
Pick a username
Email Address
Password
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account