CVE-2018-12086 PoC — OPC UA应用程序缓冲区错误漏洞

Source

https://github.com/kevinherron/stack-overflow-poc

Associated Vulnerability

Title:OPC UA应用程序缓冲区错误漏洞 (CVE-2018-12086)
Description:OPC UA applications是OPC（OLE for Process Control）基金会的一款独立于平台的面向服务的统一架构应用程序。 OPC UA应用程序中存在缓冲区溢出漏洞。远程攻击者可借助特制的请求利用该漏洞执行代码或造成拒绝服务。

Description

PoC for CVE-2018-12086 affecting various OPC UA stacks

Readme

# CVE-2018-12086 PoC

https://nvd.nist.gov/vuln/detail/CVE-2018-12086

https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2018-12086.pdf

TL;DR: some OPC UA stacks are vulnerable to a stack overflow when decoding specially crafted requests.

## Build

`mvn clean package`

## Run

`java -jar target/stack-overflow-poc.jar <endpointUrl>`

File Snapshot


 [4.0K]  /data/pocs/4a17885117bf3a23dff0615e010b5b82a5e5a032
├── [2.8K]  pom.xml
├── [ 376]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        └── [4.0K]  java
            └── [4.0K]  com
                └── [4.0K]  digitalpetri
                    └── [4.0K]  opcua
                        └── [2.9K]  StackOverflowPoc.java

6 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!