Skip to content

Insufficient Session Expiration and TOCTOU Race Condition in OPC FOundation UA .Net Standard

Moderate severity GitHub Reviewed Published Aug 2, 2021 to the GitHub Advisory Database • Updated Feb 1, 2023

Package

nuget OPCFoundation.NetStandard.Opc.Ua (NuGet)

Affected versions

<= 1.4.358.30

Patched versions

1.4.359.31

Description

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to create a denial-of-service condition against the application. Was ZDI-CAN-10295.

References

Published by the National Vulnerability Database Apr 22, 2020
Reviewed May 25, 2021
Published to the GitHub Advisory Database Aug 2, 2021
Last updated Feb 1, 2023

Severity

Moderate

EPSS score

1.459%
(86th percentile)

CVE ID

CVE-2020-8867

GHSA ID

GHSA-9q94-v7ch-mxqw

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.