Bug 2122900 (CVE-2022-25761)

Summary: CVE-2022-25761 open62541: incorrect limits allow a DoS
Product: [Other] Security Response Reporter: Marian Rehak <mrehak>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: jreimann, thofmann
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: open62541 1.2.5 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-09-03 11:32:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2122901, 2122902    
Bug Blocks:    

Description Marian Rehak 2022-08-31 08:41:39 UTC 
A Denial of Service due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.

Reference:

https://github.com/open62541/open62541/pull/5173
https://security.snyk.io/vuln/SNYK-UNMANAGED-OPEN62541OPEN62541-2988719
https://github.com/open62541/open62541/releases/tag/v1.2.5
https://github.com/open62541/open62541/commit/b79db1ac78146fc06b0b8435773d3967de2d659c
https://github.com/open62541/open62541/releases/tag/v1.3.1
Comment 1 Marian Rehak 2022-08-31 08:41:55 UTC 
Created open62541 tracking bugs for this issue:

Affects: epel-7 [bug 2122902]
Affects: fedora-all [bug 2122901]
Comment 2 Product Security DevOps Team 2022-09-03 11:32:45 UTC 
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.