High severity7.5NVD Advisory· Published Jul 5, 2024· Updated Apr 15, 2026

CVE-2024-33862

CVE-2024-33862

Description

A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before 1.05.374.54 could allow remote attackers to exhaust memory resources. It is triggered when the system receives an excessive number of messages from a remote source. This could potentially lead to a denial of service (DoS) condition, disrupting the normal operation of the system.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) | < 1.5.374.54 | 1.5.374.54

Patches

1
52d4492ccc92

Set TCP defaults for max message size to align with min buffer size (#2616)

https://github.com/OPCFoundation/UA-.NETStandardMartin RegenMay 13, 2024via ghsa
4 files changed · +30 13
  • Stack/Opc.Ua.Core/Stack/Tcp/TcpMessageType.cs+15 2 modified
    @@ -242,15 +242,16 @@ public static class TcpMessageLimits
             /// <summary>
             /// The default maximum chunk count for Request and Response messages.
             /// </summary>
    -        public const int DefaultMaxChunkCount = 32;
    +        public const int DefaultMaxChunkCount = DefaultMaxMessageSize / MinBufferSize;
     
             /// <summary>
             /// The default maximum message size.
             /// </summary>
             /// <remarks>
    +        /// The default is 2MB. Ensure to set this to a value aligned to <see cref="MinBufferSize"/>.
             /// This default is for the Tcp transport. <see cref="DefaultEncodingLimits.MaxMessageSize"/> for the generic default.
             /// </remarks>
    -        public const int DefaultMaxMessageSize = DefaultMaxChunkCount * DefaultMaxBufferSize;
    +        public const int DefaultMaxMessageSize = MinBufferSize * 256;
     
             /// <summary>
             /// The default maximum message size for the discovery channel.
    @@ -301,5 +302,17 @@ public static class TcpMessageLimits
             /// The certificates that have the key size larger than KeySizeExtraPadding need an extra padding byte in the transport message
             /// </summary>
             public const int KeySizeExtraPadding = 2048;
    +
    +        /// <summary>
    +        /// Aligns the max message size to the nearest min buffer size.
    +        /// </summary>
    +        /// <remarks>
    +        /// Align user configured maximum message size to avoid rounding errors in other UA implementations.
    +        /// </remarks>
    +        public static int AlignRoundMaxMessageSize(int value)
    +        {
    +            int alignmentMask = MinBufferSize - 1;
    +            return (value + alignmentMask) & ~alignmentMask;
    +        }
         }
     }
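Review bot: `AlignRoundMaxMessageSize` in the second hunk can overflow, because `value + alignmentMask` wraps when the configured value is within `MinBufferSize - 1` of `int.MaxValue`, and the method then returns a negative limit. How the quota checks treat a negative `MaxMessageSize` is not visible in this diff. A guard before the return keeps the result in range: `if (value > int.MaxValue - alignmentMask) return int.MaxValue & ~alignmentMask;`. The mask arithmetic is also only correct if `MinBufferSize` is a power of two, which the hunk does not show. Finally, the code rounds up rather than to the "nearest" multiple as the summary says, so the enforced limit can exceed the configured one by up to `MinBufferSize - 1` bytes; the `<remarks>` should state both points.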
    
  • Stack/Opc.Ua.Core/Stack/Tcp/TcpTransportListener.cs+2 2 modified
    @@ -138,12 +138,12 @@ public void Open(
                 {
                     m_inactivityDetectPeriod = configuration.ChannelLifetime / 2;
                     m_quotas.MaxBufferSize = configuration.MaxBufferSize;
    -                m_quotas.MaxMessageSize = configuration.MaxMessageSize;
    +                m_quotas.MaxMessageSize = TcpMessageLimits.AlignRoundMaxMessageSize(configuration.MaxMessageSize);
                     m_quotas.ChannelLifetime = configuration.ChannelLifetime;
                     m_quotas.SecurityTokenLifetime = configuration.SecurityTokenLifetime;
                     messageContext.MaxArrayLength = configuration.MaxArrayLength;
                     messageContext.MaxByteStringLength = configuration.MaxByteStringLength;
    -                messageContext.MaxMessageSize = configuration.MaxMessageSize;
    +                messageContext.MaxMessageSize = TcpMessageLimits.AlignRoundMaxMessageSize(configuration.MaxMessageSize);
                     messageContext.MaxStringLength = configuration.MaxStringLength;
                     messageContext.MaxEncodingNestingLevels = configuration.MaxEncodingNestingLevels;
                     messageContext.MaxDecoderRecoveries = configuration.MaxDecoderRecoveries;
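Review bot: The aligned limit is computed twice in `Open`, once for `m_quotas.MaxMessageSize` and once for `messageContext.MaxMessageSize`, and the same pair of calls appears in `SaveSettings` in UaSCBinaryTransportChannel.cs. Computing it once keeps the two limits from drifting apart in a later edit: `int maxMessageSize = TcpMessageLimits.AlignRoundMaxMessageSize(configuration.MaxMessageSize);`, then assign `maxMessageSize` to both. Because the enforced value can now differ from the configured one, a comment at the assignment would help whoever tunes this limit, for example `// Effective limit is the configured value rounded up to a multiple of MinBufferSize.` The body of `Open` starts and ends outside the hunk.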
    
  • Stack/Opc.Ua.Core/Stack/Tcp/UaSCBinaryTransportChannel.cs+2 2 modified
    @@ -423,13 +423,13 @@ private void SaveSettings(Uri url, TransportChannelSettings settings)
                 EndpointConfiguration configuration = m_settings.Configuration;
                 m_quotas = new ChannelQuotas {
                     MaxBufferSize = configuration.MaxBufferSize,
    -                MaxMessageSize = configuration.MaxMessageSize,
    +                MaxMessageSize = TcpMessageLimits.AlignRoundMaxMessageSize(configuration.MaxMessageSize),
                     ChannelLifetime = configuration.ChannelLifetime,
                     SecurityTokenLifetime = configuration.SecurityTokenLifetime,
                     MessageContext = new ServiceMessageContext() {
                         MaxArrayLength = configuration.MaxArrayLength,
                         MaxByteStringLength = configuration.MaxByteStringLength,
    -                    MaxMessageSize = configuration.MaxMessageSize,
    +                    MaxMessageSize = TcpMessageLimits.AlignRoundMaxMessageSize(configuration.MaxMessageSize),
                         MaxStringLength = configuration.MaxStringLength,
                         MaxEncodingNestingLevels = configuration.MaxEncodingNestingLevels,
                         MaxDecoderRecoveries = configuration.MaxDecoderRecoveries,
    
  • Stack/Opc.Ua.Core/Types/Utils/DefaultEncodingLimits.cs+11 7 modified
    @@ -11,6 +11,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
     */
     
     using System;
    +using Opc.Ua.Bindings;
     
     namespace Opc.Ua
     {
    @@ -21,32 +22,35 @@ namespace Opc.Ua
         public static class DefaultEncodingLimits
         {
             /// <summary>
    -        /// The maximum length for any string, byte string or xml element.
    +        /// The default maximum length for any string, byte string or xml element.
             /// </summary>
             public static readonly int MaxStringLength = UInt16.MaxValue;
     
             /// <summary>
    -        /// The maximum length for any array.
    +        /// The default maximum length for any array.
             /// </summary>
             public static readonly int MaxArrayLength = UInt16.MaxValue;
     
             /// <summary>
    -        /// The maximum length for any ByteString.
    +        /// The default maximum length for any ByteString.
             /// </summary>
             public static readonly int MaxByteStringLength = UInt16.MaxValue * 16;
     
             /// <summary>
    -        /// The maximum length for any Message.
    +        /// The default maximum length for any Message.
             /// </summary>
    -        public static readonly int MaxMessageSize = UInt16.MaxValue * 32;
    +        /// <remarks>
    +        /// Default is 2MB. Set to multiple of MinBufferSize to avoid rounding errors in other UA implementations.
    +        /// </remarks>
    +        public static readonly int MaxMessageSize = TcpMessageLimits.MinBufferSize * 256;
     
             /// <summary>
    -        /// The maximum nesting level accepted while encoding or decoding objects.
    +        /// The default maximum nesting level accepted while encoding or decoding objects.
             /// </summary>
             public static readonly int MaxEncodingNestingLevels = 200;
     
             /// <summary>
    -        /// The number of times the decoder can recover from an error 
    +        /// The default number of times the decoder can recover from an error 
             /// caused by an encoded ExtensionObject before throwing a decoder error.
             /// </summary>
             public static readonly int MaxDecoderRecoveries = 0;
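Review bot: `MaxMessageSize` repeats the expression `TcpMessageLimits.MinBufferSize * 256` that `TcpMessageLimits.DefaultMaxMessageSize` already defines in TcpMessageType.cs, so the two defaults can diverge if only one is edited. Writing `public static readonly int MaxMessageSize = TcpMessageLimits.DefaultMaxMessageSize;` states the intent directly. If the generic default is meant to stay independent of the TCP binding, the remark should say so, since the added `using Opc.Ua.Bindings;` makes the encoding defaults depend on the transport layer. The "2MB" in the remark holds only for a particular value of `MinBufferSize`, which this diff does not show.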
    


References

5
