CVE-2022-25903 Information

Description

The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects when it allows unlimited nesting levels which could result in a stack overflow even if the message size is less than the maximum allowed.

Reference

https://security.snyk.io/vuln/SNYK-RUST-OPCUA-2988750 https://github.com/locka99/opcua/pull/216 https://github.com/locka99/opcua/pull/216/commits/e75dada28a40c3fefc4aeee4cdc272e1b748f8dd