Headline
CVE-2021-45117
The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.
Related news
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server 1.7.6-537. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpcUa_SecureListener_ProcessSessionCallRequest method. A crafted OPC UA message can force the server to incorrectly update a reference count. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-16927.