kevinherron / stack-overflow-poc Public

Notifications You must be signed in to change notification settings
Fork 1
Star 0

PoC for CVE-2018-12086 affecting various OPC UA stacks

0 stars 1 fork Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
src/main/java/com/digitalpetri/opcua		src/main/java/com/digitalpetri/opcua
.gitignore		.gitignore
README.md		README.md
pom.xml		pom.xml

Repository files navigation

CVE-2018-12086 PoC

https://nvd.nist.gov/vuln/detail/CVE-2018-12086

https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2018-12086.pdf

TL;DR: some OPC UA stacks are vulnerable to a stack overflow when decoding specially crafted requests.

Build

mvn clean package

Run

java -jar target/stack-overflow-poc.jar <endpointUrl>