CVE-2020-36429 Information

Description

Variant_encodeJson in open62541 1.x before 1.0.4 has an out-of-bounds write for a large recursion depth.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

https://github.com/open62541/open62541/commit/c800e2987b10bb3af6ef644b515b5d6392f8861d https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20578 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/open62541/OSV-2020-153.yaml https://github.com/open62541/open62541/compare/v1.0.3…v1.0.4

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.5