VYPR

npm package

node-opcua

pkg:npm/node-opcua

Vulnerabilities (3)

  • CVE-2022-24375Aug 24, 2022
    affected < 2.74.0fixed 2.74.0

    The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.

  • CVE-2022-21208Aug 23, 2022
    affected < 2.74.0fixed 2.74.0

    The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of h

  • CVE-2022-25231Aug 23, 2022
    affected < 2.74.0fixed 2.74.0

    The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit.