42 matches found
GHSA-4HR4-PJJH-2Q2W Uncontrolled Resource Consumption in node-opcua
The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks e.g. 2GB...
@actyx-contrib/actyx-tutorial-simulator (=0.1.0), @adaptier/opcua-browser (>=1.0.0 <=1.0.1) +112 more potentially affected by CVE-2022-21208 via node-opcua (>=0.0.49 <=2.73.1)
node-opcua NPM version =0.0.49, =1.0.0, =1.0.0, =0.1.6, =1.0.2, =1.1.19, =1.3.2-alpha.36, =1.4.15-alpha.218, =1.4.15-alpha.66, =1.4.15-alpha.183, =1.4.15-alpha.61, =1.3.6-alpha.36, =1.4.15-alpha.65 and more Source cves: CVE-2022-21208 Source advisory: OSV:GHSA-4HR4-PJJH-2Q2W...
node-opcua DoS vulnerability via message with memory allocation that exceeds v8's memory limit
The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit...
CVE-2022-25231
The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit...
CVE-2022-21208
The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks e.g. 2GB...
Design/Logic Flaw
The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit...
Code injection
The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks e.g. 2GB...
CVE-2022-21208 Denial of Service (DoS)
The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks e.g. 2GB...
CVE-2022-21208 Denial of Service (DoS)
The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks e.g. 2GB...
CVE-2022-21208
CVE-2022-21208 affects the NodeOPCUA library. The vulnerability is a DoS caused by a missing limit on the number of received chunks per session or across all concurrent sessions, allowing an attacker to send an unlimited number of huge chunks (e.g., 2 GB each) without the Final closing chunk. Aff...
CVE-2022-25231 Denial of Service (DoS)
The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit...
CVE-2022-25231
CVE-2022-25231 affects node-opcua before 2.74.0. A crafted OPC UA message with a specific NodeID can trigger memory-allocation-induced DoS when v8 memory limits are exceeded, impacting availability. Mitigation: upgrade to node-opcua 2.74.0 or later (remediation consistently recommended across OSV...
CVE-2022-25231
The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit...
CVE-2022-21208
The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks e.g. 2GB...
@actyx-contrib/actyx-tutorial-simulator (=0.1.0), @adaptier/opcua-browser (>=1.0.0 <=1.0.1) +96 more potentially affected by CVE-2022-24375 via node-opcua (>=2.100.0 <=2.73.1)
node-opcua NPM version =2.100.0, =1.0.0, =1.0.0, =0.1.6, =1.0.2, =1.1.19, =1.3.2-alpha.36, =1.4.15-alpha.218, =1.4.15-alpha.66, =1.4.15-alpha.183, =1.4.15-alpha.61, =1.3.6-alpha.36, =1.4.15-alpha.65 and more Source cves: CVE-2022-24375 Source advisory: SNYK:JS-NODEOPCUA-2988725...
Denial of Service (DoS)
Overview node-opcua is an implementation of a OPC UA stack fully written in javascript and nodejs Affected versions of this package are vulnerable to Denial of Service DoS when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the...
@actyx-contrib/actyx-tutorial-simulator (=0.1.0), @adaptier/opcua-browser (>=1.0.0 <=1.0.1) +96 more potentially affected by CVE-2022-25231 via node-opcua (>=2.100.0 <=2.73.1)
node-opcua NPM version =2.100.0, =1.0.0, =1.0.0, =0.1.6, =1.0.2, =1.1.19, =1.3.2-alpha.36, =1.4.15-alpha.218, =1.4.15-alpha.66, =1.4.15-alpha.183, =1.4.15-alpha.61, =1.3.6-alpha.36, =1.4.15-alpha.65 and more Source cves: CVE-2022-25231 Source advisory: SNYK:JS-NODEOPCUA-2988724...
Denial of Service (DoS)
Overview node-opcua is an implementation of a OPC UA stack fully written in javascript and nodejs Affected versions of this package are vulnerable to Denial of Service DoS by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds t...
@actyx-contrib/actyx-tutorial-simulator (=0.1.0), @adaptier/opcua-browser (>=1.0.0 <=1.0.1) +96 more potentially affected by CVE-2022-21208 via node-opcua (>=2.100.0 <=2.73.1)
node-opcua NPM version =2.100.0, =1.0.0, =1.0.0, =0.1.6, =1.0.2, =1.1.19, =1.3.2-alpha.36, =1.4.15-alpha.218, =1.4.15-alpha.66, =1.4.15-alpha.183, =1.4.15-alpha.61, =1.3.6-alpha.36, =1.4.15-alpha.65 and more Source cves: CVE-2022-21208 Source advisory: SNYK:JS-NODEOPCUA-2988723...
Denial of Service (DoS)
Overview node-opcua is an implementation of a OPC UA stack fully written in javascript and nodejs Affected versions of this package are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An...