CVE-2020-36429

Variant_encodeJson in open62541 1.x before 1.0.4 has an out-of-bounds write for a large recursion depth.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
VendorProductVersion
open62541open62541
1.0.0 ≤
𝑥
< 1.0.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20578
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/open62541/OSV-2020-153.yaml
https://github.com/open62541/open62541/commit/c800e2987b10bb3af6ef644b515b5d6392f8861d
https://github.com/open62541/open62541/compare/v1.0.3...v1.0.4
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20578
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/open62541/OSV-2020-153.yaml
https://github.com/open62541/open62541/commit/c800e2987b10bb3af6ef644b515b5d6392f8861d
https://github.com/open62541/open62541/compare/v1.0.3...v1.0.4