Lucene search
Uriya Yavnieli, JFrog Security Research TeamZDI-22-855HistoryJun 16, 2022 - 12:00 a.m.
(Pwn2Own) OPC Foundation UA .NET Standard TranslateBrowsePathsToNodeId Resource Exhaustion Denial-of-Service Vulnerability
2022-06-1600:00:00
Uriya Yavnieli, JFrog Security Research Team
www.zerodayinitiative.com
9
0.004 Low
EPSS
Percentile
74.0%
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TranslateBrowsePathsToNodeId method. The issue results from the lack of proper validation of user-supplied data, which can result in a memory exhaustion condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
Related
nvd
nvd
CVE-2022-29866
2022-06-16 18:15:10
cve
cve
CVE-2022-29866
2022-06-16 18:15:10
cvelist
cvelist
CVE-2022-29866
2022-06-16 17:39:39
prion
prion
Design/Logic Flaw
2022-06-16 18:15:00
osv
osv
CVE-2022-29866
2022-06-16 18:15:10
Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua.Core
2022-06-17 21:44:23
veracode
veracode
Denial Of Service (DoS)
2022-06-27 09:40:14
github
github
Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua.Core
2022-06-17 21:44:23