CVE-2020-36429

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-36429

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-36429.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-36429

Published

2021-07-20T07:15:07.773Z

Modified

2025-11-14T11:00:22.253314Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Variant_encodeJson in open62541 1.x before 1.0.4 has an out-of-bounds write for a large recursion depth.

References

Affected packages

Git / github.com/open62541/open62541

Affected ranges

Type: GIT
Repo: https://github.com/open62541/open62541
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c800e2987b10bb3af6ef644b515b5d6392f8861d

Affected versions

0.*

0.2-rc2

0.3-rc1

0.3-rc2

Other

basic256sha256

v0.*

v0.0.0-150309

v0.1-automation14

v0.1.0-RC1

v0.1.0-RC2

v0.1.0-RC3.3

v0.1.0-RC4

v0.2

v0.2.0-RC1

v1.*

v1.0

v1.0-dev

v1.0-rc1

v1.0-rc2

v1.0-rc3

v1.0-rc4

v1.0-rc5

v1.1-dev

v1.1-rc1

Database specific

vanir_signatures

[
    {
        "digest": {
            "function_hash": "232446076123946135939645049094528348619",
            "length": 103.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2020-36429-37619012",
        "target": {
            "file": "src/ua_types_encoding_json.c",
            "function": "WRITE_JSON_ELEMENT"
        },
        "source": "https://github.com/open62541/open62541/commit/c800e2987b10bb3af6ef644b515b5d6392f8861d",
        "signature_type": "Function"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "171631696095424329346436366443886636998",
                "272371987468136198303504430640267534088",
                "41651417264788631989536296745307507863",
                "146125882410948464231169559352572729682",
                "79258880184109319744536849159801851589",
                "110773983660757024916406908294012925234",
                "315196480013959386955217912480205957286",
                "59143138413461554673486238737972647993",
                "313031388964376238057255606389540038695",
                "258887258245297293481235993744954412239",
                "154525276088346484581746907004982550150",
                "65893383398946068036395934877970587871",
                "166200861673191900426096274928761095609",
                "111613222338900123914035625887012827749",
                "212328624759505596178946986462604797459",
                "32585414257997715982589634038667265986",
                "65888083066455135333620260266115770296",
                "74594884956477849238008365469026643026",
                "112503441126355109026216273973930545205"
            ]
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2020-36429-37a6c280",
        "target": {
            "file": "src/ua_types_encoding_json.c"
        },
        "source": "https://github.com/open62541/open62541/commit/c800e2987b10bb3af6ef644b515b5d6392f8861d",
        "signature_type": "Line"
    },
    {
        "digest": {
            "function_hash": "145510635280143188610133439636619391386",
            "length": 1134.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2020-36429-5380ffb2",
        "target": {
            "file": "src/ua_types_encoding_json.c",
            "function": "encodeJsonStructure"
        },
        "source": "https://github.com/open62541/open62541/commit/c800e2987b10bb3af6ef644b515b5d6392f8861d",
        "signature_type": "Function"
    },
    {
        "digest": {
            "function_hash": "16905178019275247773709815027505232738",
            "length": 768.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2020-36429-9b8a5c53",
        "target": {
            "file": "src/ua_types_encoding_json.c",
            "function": "addMultiArrayContentJSON"
        },
        "source": "https://github.com/open62541/open62541/commit/c800e2987b10bb3af6ef644b515b5d6392f8861d",
        "signature_type": "Function"
    },
    {
        "digest": {
            "function_hash": "50955694977577986011033256783286303446",
            "length": 118.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2020-36429-bffd06dd",
        "target": {
            "file": "src/ua_types_encoding_json.c",
            "function": "WRITE_JSON_ELEMENT"
        },
        "source": "https://github.com/open62541/open62541/commit/c800e2987b10bb3af6ef644b515b5d6392f8861d",
        "signature_type": "Function"
    },
    {
        "digest": {
            "function_hash": "276114975370014126614951229178890591802",
            "length": 1346.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2020-36429-e2ecc049",
        "target": {
            "file": "src/ua_types_encoding_json.c",
            "function": "decodeJsonStructure"
        },
        "source": "https://github.com/open62541/open62541/commit/c800e2987b10bb3af6ef644b515b5d6392f8861d",
        "signature_type": "Function"
    }
]