Lucene search
K

42 matches found

OSV
OSV
added 2022/08/24 12:0 a.m.16 views

GHSA-4HR4-PJJH-2Q2W Uncontrolled Resource Consumption in node-opcua

The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks e.g. 2GB...

7.5CVSS7.5AI score0.01167EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2022/08/24 12:0 a.m.7 views

@actyx-contrib/actyx-tutorial-simulator (=0.1.0), @adaptier/opcua-browser (>=1.0.0 <=1.0.1) +112 more potentially affected by CVE-2022-21208 via node-opcua (>=0.0.49 <=2.73.1)

node-opcua NPM version =0.0.49, =1.0.0, =1.0.0, =0.1.6, =1.0.2, =1.1.19, =1.3.2-alpha.36, =1.4.15-alpha.218, =1.4.15-alpha.66, =1.4.15-alpha.183, =1.4.15-alpha.61, =1.3.6-alpha.36, =1.4.15-alpha.65 and more Source cves: CVE-2022-21208 Source advisory: OSV:GHSA-4HR4-PJJH-2Q2W...

7.5CVSS7AI score0.01167EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/08/24 12:0 a.m.27 views

node-opcua DoS vulnerability via message with memory allocation that exceeds v8's memory limit

The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit...

7.5CVSS3.5AI score0.0103EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2022/08/23 5:15 a.m.15 views

CVE-2022-25231

The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit...

7.5CVSS0.0103EPSS
Exploits0References3
NVD
NVD
added 2022/08/23 5:15 a.m.26 views

CVE-2022-21208

The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks e.g. 2GB...

7.5CVSS0.01167EPSS
Exploits0References4
Prion
Prion
added 2022/08/23 5:15 a.m.16 views

Design/Logic Flaw

The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit...

5CVSS7.4AI score0.0103EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/08/23 5:15 a.m.16 views

Code injection

The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks e.g. 2GB...

5CVSS7.5AI score0.01167EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/08/23 5:6 a.m.11 views

CVE-2022-21208 Denial of Service (DoS)

The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks e.g. 2GB...

7.5CVSS7.1AI score0.01167EPSS
Exploits0References6
Cvelist
Cvelist
added 2022/08/23 5:6 a.m.26 views

CVE-2022-21208 Denial of Service (DoS)

The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks e.g. 2GB...

7.5CVSS7.7AI score0.01167EPSS
Exploits0References4
CVE
CVE
added 2022/08/23 5:6 a.m.65 views

CVE-2022-21208

CVE-2022-21208 affects the NodeOPCUA library. The vulnerability is a DoS caused by a missing limit on the number of received chunks per session or across all concurrent sessions, allowing an attacker to send an unlimited number of huge chunks (e.g., 2 GB each) without the Final closing chunk. Aff...

7.5CVSS7.5AI score0.01167EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2022/08/23 5:5 a.m.18 views

CVE-2022-25231 Denial of Service (DoS)

The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit...

7.5CVSS7.6AI score0.0103EPSS
Exploits0References3
CVE
CVE
added 2022/08/23 5:5 a.m.48 views

CVE-2022-25231

CVE-2022-25231 affects node-opcua before 2.74.0. A crafted OPC UA message with a specific NodeID can trigger memory-allocation-induced DoS when v8 memory limits are exceeded, impacting availability. Mitigation: upgrade to node-opcua 2.74.0 or later (remediation consistently recommended across OSV...

7.5CVSS7.4AI score0.0103EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/08/23 5:0 a.m.11 views

CVE-2022-25231

The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit...

7.5CVSS7.1AI score0.0103EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/08/23 5:0 a.m.6 views

CVE-2022-21208

The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks e.g. 2GB...

7.5CVSS7.1AI score0.01167EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2022/08/22 12:16 p.m.4 views

@actyx-contrib/actyx-tutorial-simulator (=0.1.0), @adaptier/opcua-browser (>=1.0.0 <=1.0.1) +96 more potentially affected by CVE-2022-24375 via node-opcua (>=2.100.0 <=2.73.1)

node-opcua NPM version =2.100.0, =1.0.0, =1.0.0, =0.1.6, =1.0.2, =1.1.19, =1.3.2-alpha.36, =1.4.15-alpha.218, =1.4.15-alpha.66, =1.4.15-alpha.183, =1.4.15-alpha.61, =1.3.6-alpha.36, =1.4.15-alpha.65 and more Source cves: CVE-2022-24375 Source advisory: SNYK:JS-NODEOPCUA-2988725...

7.5CVSS7AI score0.01248EPSS
Exploits0
Snyk
Snyk
added 2022/08/22 12:16 p.m.4 views

Denial of Service (DoS)

Overview node-opcua is an implementation of a OPC UA stack fully written in javascript and nodejs Affected versions of this package are vulnerable to Denial of Service DoS when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the...

7.5CVSS7.1AI score0.01248EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2022/08/22 12:3 p.m.4 views

@actyx-contrib/actyx-tutorial-simulator (=0.1.0), @adaptier/opcua-browser (>=1.0.0 <=1.0.1) +96 more potentially affected by CVE-2022-25231 via node-opcua (>=2.100.0 <=2.73.1)

node-opcua NPM version =2.100.0, =1.0.0, =1.0.0, =0.1.6, =1.0.2, =1.1.19, =1.3.2-alpha.36, =1.4.15-alpha.218, =1.4.15-alpha.66, =1.4.15-alpha.183, =1.4.15-alpha.61, =1.3.6-alpha.36, =1.4.15-alpha.65 and more Source cves: CVE-2022-25231 Source advisory: SNYK:JS-NODEOPCUA-2988724...

7.5CVSS7AI score0.0103EPSS
Exploits0
Snyk
Snyk
added 2022/08/22 12:3 p.m.6 views

Denial of Service (DoS)

Overview node-opcua is an implementation of a OPC UA stack fully written in javascript and nodejs Affected versions of this package are vulnerable to Denial of Service DoS by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds t...

7.5CVSS7AI score0.0103EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2022/08/22 11:15 a.m.7 views

@actyx-contrib/actyx-tutorial-simulator (=0.1.0), @adaptier/opcua-browser (>=1.0.0 <=1.0.1) +96 more potentially affected by CVE-2022-21208 via node-opcua (>=2.100.0 <=2.73.1)

node-opcua NPM version =2.100.0, =1.0.0, =1.0.0, =0.1.6, =1.0.2, =1.1.19, =1.3.2-alpha.36, =1.4.15-alpha.218, =1.4.15-alpha.66, =1.4.15-alpha.183, =1.4.15-alpha.61, =1.3.6-alpha.36, =1.4.15-alpha.65 and more Source cves: CVE-2022-21208 Source advisory: SNYK:JS-NODEOPCUA-2988723...

7.5CVSS7AI score0.01167EPSS
Exploits0
Snyk
Snyk
added 2022/08/22 11:15 a.m.3 views

Denial of Service (DoS)

Overview node-opcua is an implementation of a OPC UA stack fully written in javascript and nodejs Affected versions of this package are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An...

7.5CVSS7AI score0.01167EPSS
Exploits0References2
Rows per page
Query Builder