CVE-2024-25075 Information

Description

An issue was discovered in Softing uaToolkit Embedded before 1.41.1. When a subscription with a very low MaxNotificationPerPublish parameter is created a publish response is mishandled leading to memory consumption. When that happens often enough the device will be out of memory i.e. a denial of service.

Reference

https://industrial.softing.com/fileadmin/psirt/downloads/2024/syt-2024-2.html