{
  "affected": [
    {
      "database_specific": {
        "unresolved_ranges": [
          {
            "events": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "37"
              }
            ]
          }
        ]
      },
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "fixed": "1.2.5"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.3-rc1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.3-rc2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.3-rc2\\-ef"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.3-rc2\\-ef2"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "b79db1ac78146fc06b0b8435773d3967de2d659c"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "271f3dcb01361a220fba25085570657e2151bf23"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "29413130c2cd37e6a7e0a5495914746cc62f90d0"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "29413130c2cd37e6a7e0a5495914746cc62f90d0"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "7c3d4ed848545075d64a876325964cc610a8e38d"
            },
            {
              "fixed": "3010bc67fbfd8de0921fc38c9efa146cd2e02c7f"
            }
          ],
          "repo": "https://github.com/open62541/open62541",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.",
  "id": "CVE-2022-25761",
  "modified": "2026-04-01T23:08:29.675137071Z",
  "published": "2022-08-23T05:15:08.047Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JNUV4FDVDBQHCPMOOEVKLMQK5SLKPK2L/"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/open62541/open62541/releases/tag/v1.2.5"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/open62541/open62541/releases/tag/v1.3.1"
    },
    {
      "type": "FIX",
      "url": "https://github.com/open62541/open62541/commit/b79db1ac78146fc06b0b8435773d3967de2d659c"
    },
    {
      "type": "FIX",
      "url": "https://github.com/open62541/open62541/pull/5173"
    },
    {
      "type": "FIX",
      "url": "https://security.snyk.io/vuln/SNYK-UNMANAGED-OPEN62541OPEN62541-2988719"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}