npm package
node-opcua
pkg:npm/node-opcua
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-24375 | — | < 2.74.0 | 2.74.0 | Aug 24, 2022 | The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False. | ||
| CVE-2022-21208 | — | < 2.74.0 | 2.74.0 | Aug 23, 2022 | The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of h | ||
| CVE-2022-25231 | — | < 2.74.0 | 2.74.0 | Aug 23, 2022 | The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit. |
- CVE-2022-24375Aug 24, 2022affected < 2.74.0fixed 2.74.0
The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
- CVE-2022-21208Aug 23, 2022affected < 2.74.0fixed 2.74.0
The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of h
- CVE-2022-25231Aug 23, 2022affected < 2.74.0fixed 2.74.0
The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit.