4 matches found
@actyx-contrib/actyx-tutorial-simulator (=0.1.0), @adaptier/opcua-browser (>=1.0.0 <=1.0.1) +112 more potentially affected by CVE-2022-21208 via node-opcua (>=0.0.49 <=2.73.1)
node-opcua NPM version =0.0.49, =1.0.0, =1.0.0, =0.1.6, =1.0.2, =1.1.19, =1.3.2-alpha.36, =1.4.15-alpha.218, =1.4.15-alpha.66, =1.4.15-alpha.183, =1.4.15-alpha.61, =1.3.6-alpha.36, =1.4.15-alpha.65 and more Source cves: CVE-2022-21208 Source advisory: OSV:GHSA-4HR4-PJJH-2Q2W...
CVE-2022-21208
CVE-2022-21208 affects the NodeOPCUA library. The vulnerability is a DoS caused by a missing limit on the number of received chunks per session or across all concurrent sessions, allowing an attacker to send an unlimited number of huge chunks (e.g., 2 GB each) without the Final closing chunk. Aff...
CVE-2022-21208 Denial of Service (DoS)
The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks e.g. 2GB...
@actyx-contrib/actyx-tutorial-simulator (=0.1.0), @adaptier/opcua-browser (>=1.0.0 <=1.0.1) +96 more potentially affected by CVE-2022-21208 via node-opcua (>=2.100.0 <=2.73.1)
node-opcua NPM version =2.100.0, =1.0.0, =1.0.0, =0.1.6, =1.0.2, =1.1.19, =1.3.2-alpha.36, =1.4.15-alpha.218, =1.4.15-alpha.66, =1.4.15-alpha.183, =1.4.15-alpha.61, =1.3.6-alpha.36, =1.4.15-alpha.65 and more Source cves: CVE-2022-21208 Source advisory: SNYK:JS-NODEOPCUA-2988723...