{"id":"CVE-2022-25761","details":"The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.","modified":"2026-04-11T22:01:33.838173Z","published":"2022-08-23T05:15:08.047Z","references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JNUV4FDVDBQHCPMOOEVKLMQK5SLKPK2L/"},{"type":"ADVISORY","url":"https://github.com/open62541/open62541/releases/tag/v1.2.5"},{"type":"ADVISORY","url":"https://github.com/open62541/open62541/releases/tag/v1.3.1"},{"type":"FIX","url":"https://github.com/open62541/open62541/commit/b79db1ac78146fc06b0b8435773d3967de2d659c"},{"type":"FIX","url":"https://github.com/open62541/open62541/pull/5173"},{"type":"FIX","url":"https://security.snyk.io/vuln/SNYK-UNMANAGED-OPEN62541OPEN62541-2988719"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/open62541/open62541","events":[{"introduced":"0"},{"fixed":"b79db1ac78146fc06b0b8435773d3967de2d659c"},{"introduced":"0"},{"last_affected":"271f3dcb01361a220fba25085570657e2151bf23"},{"introduced":"0"},{"last_affected":"29413130c2cd37e6a7e0a5495914746cc62f90d0"},{"introduced":"0"},{"last_affected":"29413130c2cd37e6a7e0a5495914746cc62f90d0"},{"introduced":"0"},{"last_affected":"7c3d4ed848545075d64a876325964cc610a8e38d"},{"fixed":"3010bc67fbfd8de0921fc38c9efa146cd2e02c7f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.2.5"},{"introduced":"0"},{"last_affected":"1.3-rc1"},{"introduced":"0"},{"last_affected":"1.3-rc2"},{"introduced":"0"},{"last_affected":"1.3-rc2\\-ef"},{"introduced":"0"},{"last_affected":"1.3-rc2\\-ef2"}]}}],"versions":["basic256sha256","v0.0.0-150309","v0.1-automation14","v0.1.0-RC1","v0.1.0-RC4","v0.2.0-RC1","v1.0-dev","v1.0-rc3","v1.1","v1.1-dev","v1.1-rc1","v1.2","v1.2-rc1","v1.2-rc2","v1.2.1","v1.2.2","v1.2.3","v1.2.4","v1.3","v1.3-rc1","v1.3-rc2","v1.3-rc2-ef","v1.3-rc2-ef2"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/open62541/open62541/commit/b79db1ac78146fc06b0b8435773d3967de2d659c","digest":{"line_hashes":["230720036916659010073438753242763511241","309256014587754484552863108303040396886","32262098470712975722642726300479352055","169655162145002591621653806397249571293","208205329600162213868862030804768631225","96327171054213682327439455929198368345","239271829709436322775553859428487191162","230994168975278319830658354898151042950","2281420993811699958804173606656575184","5291667834427012914865627332203614526"],"threshold":0.9},"signature_type":"Line","target":{"file":"plugins/ua_config_default.c"},"id":"CVE-2022-25761-53f0a256","deprecated":false,"signature_version":"v1"},{"source":"https://github.com/open62541/open62541/commit/b79db1ac78146fc06b0b8435773d3967de2d659c","digest":{"line_hashes":["267721890317018078205118307966938148501","144881763123780553754012535866959630326","197972625727028604822001996232427396303","160973447823174764494251048854372756890"],"threshold":0.9},"signature_type":"Line","target":{"file":"tests/check_securechannel.c"},"id":"CVE-2022-25761-d9d0226a","deprecated":false,"signature_version":"v1"},{"source":"https://github.com/open62541/open62541/commit/b79db1ac78146fc06b0b8435773d3967de2d659c","digest":{"function_hash":"312092077054747693308544122124291877905","length":440},"signature_type":"Function","target":{"file":"tests/check_securechannel.c","function":"setup_secureChannel"},"id":"CVE-2022-25761-e47d7b2a","deprecated":false,"signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25761.json","vanir_signatures_modified":"2026-04-11T22:01:33Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"37"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}