fix(plugin): Add default limits for chunks and message size #5173

Merged
merged 1 commit into from Jun 4, 2022

jpfr (Member) commented Jun 4, 2022

Based on a reported DoS vulnerability reported by Team82 (Claroty
Research).

jpfr merged commit b79db1a into open62541:1.2 Jun 4, 2022
8 of 11 checks passed
jpfr deleted the limit_chunks branch June 4, 2022 13:09

peschuster (Contributor) commented

Will there be a CVE for this issue? @jpfr
Is this also exploitable without a valid, trusted client certificate?
I assume systems with less than 512 MB memory will need to further reduce the max. settings, or how does this config option affect memory consumption?

jpfr (Member, Author) commented Jun 20, 2022

Yes, systems with less memory need to adjust.
But we do already cover malloc returning NULL when the system is out of memory.

I will post the CVE once I receive it.
Making the CVE is up to the group that reported the issue.
