GCVE - cpe:2.3:a:n/a:opcua:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:opcua:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Opcua (`a1078959-a0af-5569-a1c5-a33f5be11d2f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-25903`	vulnerable	2026-06-08 05:41:49.658869	Denial of Service (DoS) HIGH (7.5) The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed. Published: 2022-08-24T05:00:19.697Z Updated: 2024-09-17T01:45:33.657Z Open on db.gcve.eu Reference links https://github.com/locka99/opcua/pull/216 https://security.snyk.io/vuln/SNYK-RUST-OPCUA-2988750 https://github.com/locka99/opcua/pull/216/commits/e75dada28a40c3fefc4aeee4cdc272e1b748f8dd	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-25888`	vulnerable	2026-06-08 05:41:49.625523	Denial of Service (DoS) HIGH (7.5) The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk. Published: 2022-08-23T05:07:40.316Z Updated: 2024-09-16T23:15:19.823Z Open on db.gcve.eu Reference links https://security.snyk.io/vuln/SNYK-RUST-OPCUA-2988751 https://github.com/locka99/opcua/pull/216 https://github.com/locka99/opcua/pull/216/commits/6fb683c5fec46c6dd347824491c4d93a229da695	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-25304`	vulnerable	2026-06-08 05:41:45.691431	Denial of Service (DoS) HIGH (7.5) All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk. Published: 2022-08-23T05:05:11.904Z Updated: 2024-09-17T02:48:11.272Z Open on db.gcve.eu Reference links https://security.snyk.io/vuln/SNYK-PYTHON-OPCUA-2988730 https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-2988731 https://github.com/FreeOpcUa/python-opcua/issues/1466	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.