4 matches found
@actyx-contrib/actyx-tutorial-simulator (=0.1.0), @adaptier/opcua-browser (>=1.0.0 <=1.0.1) +112 more potentially affected by CVE-2022-25231 via node-opcua (>=0.0.49 <=2.73.1)
node-opcua NPM version =0.0.49, =1.0.0, =1.0.0, =0.1.6, =1.0.2, =1.1.19, =1.3.2-alpha.36, =1.4.15-alpha.218, =1.4.15-alpha.66, =1.4.15-alpha.183, =1.4.15-alpha.61, =1.3.6-alpha.36, =1.4.15-alpha.65 and more Source cves: CVE-2022-25231 Source advisory: OSV:GHSA-QPGC-XH7J-52Q8...
CVE-2022-25231 Denial of Service (DoS)
The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit...
CVE-2022-25231 Denial of Service (DoS)
The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit...
CVE-2022-25231
CVE-2022-25231 affects node-opcua before 2.74.0. A crafted OPC UA message with a specific NodeID can trigger memory-allocation-induced DoS when v8 memory limits are exceeded, impacting availability. Mitigation: upgrade to node-opcua 2.74.0 or later (remediation consistently recommended across OSV...