Vulnerability Description
Versions of the package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS): the limitations on excessive memory consumption can be bypassed by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Node-Opcua Project | Node-Opcua | < 2.74.0 |
Related Weaknesses (CWE)
References
- https://github.com/node-opcua/node-opcua/commit/3fd46ec156e7718a506be41f3916310b (Patch, Third Party Advisory, VDB Entry)
- https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e40735 (Patch, Third Party Advisory)
- https://github.com/node-opcua/node-opcua/pull/1182 (Patch, Third Party Advisory)
- https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988725 (Patch, Third Party Advisory)
FAQ
What is CVE-2022-24375?
CVE-2022-24375 is a vulnerability with a CVSS score of 7.5 (HIGH). Versions of the package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the delete...
How severe is CVE-2022-24375?
CVE-2022-24375 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-24375?
Check the references section above for vendor advisories and patch information. Affected products include: Node-Opcua Project Node-Opcua.