{"id":"CVE-2022-29866","details":"OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaust the memory resources of a server via a crafted request that triggers Uncontrolled Resource Consumption.","aliases":["GHSA-6fp8-cxc9-4fr9"],"modified":"2026-03-14T11:44:07.486270Z","published":"2022-06-16T18:15:10.150Z","references":[{"type":"ADVISORY","url":"https://opcfoundation.org/security/"},{"type":"FIX","url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29866.pdf"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opcfoundation/ua-.netstandard","events":[{"introduced":"0"},{"fixed":"88a96a1d9711d83350e45f5bd339c1692be614c9"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.4.368.58"}]}}],"versions":["1.03.350","1.03.350.6","1.03.351.7","1.03.352.10","1.04.353.15","1.04.354.21","1.04.354.23","1.4.355.26","1.4.356.27","1.4.357.28","1.4.358.30","1.4.359.31","1.4.360.33","1.4.361.39","1.4.362.42","1.4.363.49","1.4.366.31-preview","1.4.367.64-preview","1.4.368.27-preview","1.4.368.33","1.4.368.52-preview","1.4.368.53"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-29866.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}