Open62541
by Open62541
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-11946 | | imp | 0.49 | 7.5 | 0.00 | | Jul 2, 2026 | open62541: open62541: Denial of Service via unvalidated endpoint URL length |
| CVE-2024-53429 | | Hig | 0.49 | 7.5 | 0.01 | | Nov 21, 2024 | Open62541 v1.4.6 has an assertion failure in fuzz_binary_decode, which leads to a crash. |
| CVE-2020-36429 | | Med | 0.29 | 5.5 | 0.00 | | Jul 20, 2021 | Variant_encodeJson in open62541 1.x before 1.0.4 has an out-of-bounds write for a large recursion depth. |
| CVE-2026-33592 | | | 0.00 | — | — | | Jul 4, 2026 | An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string (up to ~3.9 GB) delivered… |
| CVE-2022-25761 | | Hig | 0.00 | 7.5 | 0.01 | | Aug 23, 2022 | The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this… |