4 matches found
@actyx-contrib/actyx-tutorial-simulator (=0.1.0), @adaptier/opcua-browser (>=1.0.0 <=1.0.1) +112 more potentially affected by CVE-2022-24375 via node-opcua (>=0.0.49 <=2.73.1)
node-opcua NPM version =0.0.49, =1.0.0, =1.0.0, =0.1.6, =1.0.2, =1.1.19, =1.3.2-alpha.36, =1.4.15-alpha.218, =1.4.15-alpha.66, =1.4.15-alpha.183, =1.4.15-alpha.61, =1.3.6-alpha.36, =1.4.15-alpha.65 and more Source cves: CVE-2022-24375 Source advisory: OSV:GHSA-VH4F-FGPP-X8X2...
CVE-2022-24375
creationtimestamp| type| source ---|---|--- 2022-08-24 12:22:23+00:00| seen| https://t.me/cibsecurity/48629...
CVE-2022-24375 Denial of Service (DoS)
The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False...
CVE-2022-24375
The CVE-2022-24375, observed in the node-opcua package, is a DoS vulnerability that occurs when an attacker bypasses memory-consumption limits by sending multiple CloseSession requests with deleteSubscription set to False. Affected are versions prior to 2.74.0. The root cause is improper resource...