{"url":"http://public2.vulnerablecode.io/api/packages/512439?format=json","purl":"pkg:cargo/opcua@0.11.0","type":"cargo","namespace":"","name":"opcua","version":"0.11.0","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109970?format=json","vulnerability_id":"VCID-4cma-pzrt-9fc6","summary":"opcua Vulnerable to Out-of-bounds Write\nThe package opcua from 0.0.0 until 0.11.0 is vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25903","reference_id":"","reference_type":"","scores":[{"value":"0.00611","scoring_system":"epss","scoring_elements":"0.70176","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00611","scoring_system":"epss","scoring_elements":"0.70221","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00611","scoring_system":"epss","scoring_elements":"0.7021","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00611","scoring_system":"epss","scoring_elements":"0.70227","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00611","scoring_system":"epss","scoring_elements":"0.70218","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00611","scoring_system":"epss","scoring_elements":"0.70198","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25903"},{"reference_url":"https://github.com/locka99/opcua","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/locka99/opcua"},{"reference_url":"https://github.com/locka99/opcua/pull/216","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/locka99/opcua/pull/216"},{"reference_url":"https://github.com/locka99/opcua/pull/216/commits/e75dada28a40c3fefc4aeee4cdc272e1b748f8dd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/locka99/opcua/pull/216/commits/e75dada28a40c3fefc4aeee4cdc272e1b748f8dd"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25903","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25903"},{"reference_url":"https://security.snyk.io/vuln/SNYK-RUST-OPCUA-2988750","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.snyk.io/vuln/SNYK-RUST-OPCUA-2988750"},{"reference_url":"https://github.com/advisories/GHSA-hgxq-hcrm-c5pm","reference_id":"GHSA-hgxq-hcrm-c5pm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hgxq-hcrm-c5pm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/512439?format=json","purl":"pkg:cargo/opcua@0.11.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/opcua@0.11.0"}],"aliases":["CVE-2022-25903","GHSA-hgxq-hcrm-c5pm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4cma-pzrt-9fc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109929?format=json","vulnerability_id":"VCID-uch9-fsfk-sfct","summary":"Uncontrolled Resource Consumption in opcua\nThe package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25888","reference_id":"","reference_type":"","scores":[{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67654","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67637","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67657","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67615","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67664","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25888"},{"reference_url":"https://github.com/locka99/opcua","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/locka99/opcua"},{"reference_url":"https://github.com/locka99/opcua/pull/216","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/locka99/opcua/pull/216"},{"reference_url":"https://github.com/locka99/opcua/pull/216/commits/6fb683c5fec46c6dd347824491c4d93a229da695","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/locka99/opcua/pull/216/commits/6fb683c5fec46c6dd347824491c4d93a229da695"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25888","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25888"},{"reference_url":"https://security.snyk.io/vuln/SNYK-RUST-OPCUA-2988751","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.snyk.io/vuln/SNYK-RUST-OPCUA-2988751"},{"reference_url":"https://github.com/advisories/GHSA-8mx2-gqx9-rm7f","reference_id":"GHSA-8mx2-gqx9-rm7f","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8mx2-gqx9-rm7f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/512439?format=json","purl":"pkg:cargo/opcua@0.11.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/opcua@0.11.0"}],"aliases":["CVE-2022-25888","GHSA-8mx2-gqx9-rm7f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uch9-fsfk-sfct"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/opcua@0.11.0"}