Source: open62541
Version: 1.4.11.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for open62541.

CVE-2026-11946[0]:
| An unauthenticated remote attacker can exhaust server memory via the
| GetEndpoints Discovery Service in open62541. The endpointUrl field
| of GetEndpointsRequest is not validated for length. An attacker can
| declare an arbitrarily large string (up to ~4.09 GB via the UInt32
| length field) delivered across intermediate chunks without ever
| sending the final chunk. The server buffers all chunks in RAM
| indefinitely until the SecureChannel times out. The attack is pre-
| session and bypasses all encryption configurations.    The issue
| affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through
| 1.5.4, master.


CVE-2026-33592[1]:
| An unauthenticated remote attacker can exhaust server memory via the
| FindServers Discovery Service in open62541. The serverUris field of
| FindServersRequest is not validated for length or array size. An
| attacker can declare an arbitrarily large string (up to ~3.9 GB)
| delivered across intermediate chunks without ever sending the final
| chunk. The server buffers all chunks in RAM indefinitely until the
| SecureChannel times out. The attack is pre-session and bypasses all
| encryption configuration. The issue affects open62541: from 1.4.0
| through 1.4.16, from 1.5.0 through 1.5.4, master.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-11946
    https://www.cve.org/CVERecord?id=CVE-2026-11946
[1] https://security-tracker.debian.org/tracker/CVE-2026-33592
    https://www.cve.org/CVERecord?id=CVE-2026-33592
[2] https://github.com/open62541/open62541/pull/8142
[3] 
https://github.com/open62541/open62541/commit/c9563e8ea4a8db2f64059c8ff7efe0b49a35bea3

Regards,
Salvatore

Reply via email to