Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
9 vulnerabilities found for node-opcua by node-opcua_project
FKIE_CVE-2022-24375
Vulnerability from fkie_nvd - Published: 2022-08-24 05:15 - Updated: 2024-11-21 06:50
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| node-opcua_project | node-opcua | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:node-opcua_project:node-opcua:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "900AECE1-5AD5-4065-AE88-E02D6885B83C",
"versionEndExcluding": "2.74.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False."
},
{
"lang": "es",
"value": "El paquete node-opcua versiones anteriores a 2.74.0, es vulnerable a una Denegaci\u00f3n de Servicio (DoS) cuando omite las limitaciones por consumo excesivo de memoria mediante el env\u00edo de m\u00faltiples peticiones CloseSession con el par\u00e1metro deleteSubscription igual a False."
}
],
"id": "CVE-2022-24375",
"lastModified": "2024-11-21T06:50:17.490",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "report@snyk.io",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-24T05:15:07.230",
"references": [
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://github.com/node-opcua/node-opcua/commit/3fd46ec156e7718a506be41f3916310b6bdd0407"
},
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f"
},
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/node-opcua/node-opcua/pull/1182"
},
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://github.com/node-opcua/node-opcua/commit/3fd46ec156e7718a506be41f3916310b6bdd0407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/node-opcua/node-opcua/pull/1182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988725"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-25231
Vulnerability from fkie_nvd - Published: 2022-08-23 05:15 - Updated: 2024-11-21 06:51
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit.
References
| URL | Tags | ||
|---|---|---|---|
| report@snyk.io | https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f | Patch, Third Party Advisory | |
| report@snyk.io | https://github.com/node-opcua/node-opcua/pull/1182 | Patch, Third Party Advisory | |
| report@snyk.io | https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988724 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/node-opcua/node-opcua/pull/1182 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988724 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| node-opcua_project | node-opcua | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:node-opcua_project:node-opcua:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "900AECE1-5AD5-4065-AE88-E02D6885B83C",
"versionEndExcluding": "2.74.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8\u2019s memory limit."
},
{
"lang": "es",
"value": "El paquete node-opcua versiones anteriores a 2.74.0, es vulnerable a una Denegaci\u00f3n de Servicio (DoS) mediante el env\u00edo de un mensaje OPC UA espec\u00edficamente dise\u00f1ado con un NodeID OPC UA especial, cuando la asignaci\u00f3n de memoria solicitada excede el l\u00edmite de memoria de v8."
}
],
"id": "CVE-2022-25231",
"lastModified": "2024-11-21T06:51:50.897",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "report@snyk.io",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-23T05:15:07.873",
"references": [
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f"
},
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/node-opcua/node-opcua/pull/1182"
},
{
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/node-opcua/node-opcua/pull/1182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988724"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-21208
Vulnerability from fkie_nvd - Published: 2022-08-23 05:15 - Updated: 2024-11-21 06:44
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.
References
| URL | Tags | ||
|---|---|---|---|
| report@snyk.io | https://github.com/node-opcua/node-opcua/commit/33ca3bab4ab781392a2f8d8f5a14de9a0aa0e410 | Patch, Third Party Advisory | |
| report@snyk.io | https://github.com/node-opcua/node-opcua/commit/dbcb5d5191118c22ee9c89332a94b94e6553d76b | Patch, Third Party Advisory | |
| report@snyk.io | https://github.com/node-opcua/node-opcua/pull/1149 | Patch, Third Party Advisory | |
| report@snyk.io | https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988723 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/node-opcua/node-opcua/commit/33ca3bab4ab781392a2f8d8f5a14de9a0aa0e410 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/node-opcua/node-opcua/commit/dbcb5d5191118c22ee9c89332a94b94e6553d76b | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/node-opcua/node-opcua/pull/1149 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988723 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| node-opcua_project | node-opcua | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:node-opcua_project:node-opcua:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "900AECE1-5AD5-4065-AE88-E02D6885B83C",
"versionEndExcluding": "2.74.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk."
},
{
"lang": "es",
"value": "El paquete node-opcua versiones anteriores a 2.74.0, es vulnerable a una Denegaci\u00f3n de Servicio (DoS) debido a una falta de limitaci\u00f3n del n\u00famero de trozos recibidos, por sesi\u00f3n individual o en total para todas las sesiones concurrentes. Un atacante puede explotar esta vulnerabilidad mediante el env\u00edo de un n\u00famero ilimitado de chunks enormes (por ejemplo, 2GB cada uno) sin enviar el chunk de cierre Final."
}
],
"id": "CVE-2022-21208",
"lastModified": "2024-11-21T06:44:06.843",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "report@snyk.io",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-23T05:15:07.643",
"references": [
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/node-opcua/node-opcua/commit/33ca3bab4ab781392a2f8d8f5a14de9a0aa0e410"
},
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/node-opcua/node-opcua/commit/dbcb5d5191118c22ee9c89332a94b94e6553d76b"
},
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/node-opcua/node-opcua/pull/1149"
},
{
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/node-opcua/node-opcua/commit/33ca3bab4ab781392a2f8d8f5a14de9a0aa0e410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/node-opcua/node-opcua/commit/dbcb5d5191118c22ee9c89332a94b94e6553d76b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/node-opcua/node-opcua/pull/1149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988723"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-24375 (GCVE-0-2022-24375)
Vulnerability from cvelistv5 – Published: 2022-08-24 05:05 – Updated: 2024-09-16 16:13
VLAI?
Title
Denial of Service (DoS)
Summary
The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
Severity ?
CWE
- Denial of Service (DoS)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | node-opcua |
Affected:
unspecified , < 2.74.0
(custom)
|
Date Public ?
2022-08-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/node-opcua/node-opcua/pull/1182"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988725"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/node-opcua/node-opcua/commit/3fd46ec156e7718a506be41f3916310b6bdd0407"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "node-opcua",
"vendor": "n/a",
"versions": [
{
"lessThan": "2.74.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vera Mens"
},
{
"lang": "en",
"value": "Uri Katz"
},
{
"lang": "en",
"value": "Sharon Brizinov of Team82 (Claroty Research)"
}
],
"datePublic": "2022-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-24T05:05:12.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/node-opcua/node-opcua/pull/1182"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988725"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/node-opcua/node-opcua/commit/3fd46ec156e7718a506be41f3916310b6bdd0407"
}
],
"title": "Denial of Service (DoS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-08-24T05:00:10.599133Z",
"ID": "CVE-2022-24375",
"STATE": "PUBLIC",
"TITLE": "Denial of Service (DoS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "node-opcua",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.74.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vera Mens"
},
{
"lang": "eng",
"value": "Uri Katz"
},
{
"lang": "eng",
"value": "Sharon Brizinov of Team82 (Claroty Research)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f",
"refsource": "MISC",
"url": "https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f"
},
{
"name": "https://github.com/node-opcua/node-opcua/pull/1182",
"refsource": "MISC",
"url": "https://github.com/node-opcua/node-opcua/pull/1182"
},
{
"name": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988725",
"refsource": "MISC",
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988725"
},
{
"name": "https://github.com/node-opcua/node-opcua/commit/3fd46ec156e7718a506be41f3916310b6bdd0407",
"refsource": "MISC",
"url": "https://github.com/node-opcua/node-opcua/commit/3fd46ec156e7718a506be41f3916310b6bdd0407"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2022-24375",
"datePublished": "2022-08-24T05:05:12.475Z",
"dateReserved": "2022-02-24T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:13:12.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21208 (GCVE-0-2022-21208)
Vulnerability from cvelistv5 – Published: 2022-08-23 05:06 – Updated: 2024-09-16 23:05
VLAI?
Title
Denial of Service (DoS)
Summary
The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.
Severity ?
CWE
- Denial of Service (DoS)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | node-opcua |
Affected:
unspecified , < 2.74.0
(custom)
|
Date Public ?
2022-08-23 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.844Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988723"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/node-opcua/node-opcua/commit/33ca3bab4ab781392a2f8d8f5a14de9a0aa0e410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/node-opcua/node-opcua/commit/dbcb5d5191118c22ee9c89332a94b94e6553d76b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/node-opcua/node-opcua/pull/1149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "node-opcua",
"vendor": "n/a",
"versions": [
{
"lessThan": "2.74.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vera Mens"
},
{
"lang": "en",
"value": "Uri Katz"
},
{
"lang": "en",
"value": "Sharon Brizinov of Team82 (Claroty Research)"
}
],
"datePublic": "2022-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T05:06:18.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988723"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/node-opcua/node-opcua/commit/33ca3bab4ab781392a2f8d8f5a14de9a0aa0e410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/node-opcua/node-opcua/commit/dbcb5d5191118c22ee9c89332a94b94e6553d76b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/node-opcua/node-opcua/pull/1149"
}
],
"title": "Denial of Service (DoS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-08-23T05:00:44.326693Z",
"ID": "CVE-2022-21208",
"STATE": "PUBLIC",
"TITLE": "Denial of Service (DoS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "node-opcua",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.74.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vera Mens"
},
{
"lang": "eng",
"value": "Uri Katz"
},
{
"lang": "eng",
"value": "Sharon Brizinov of Team82 (Claroty Research)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988723",
"refsource": "MISC",
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988723"
},
{
"name": "https://github.com/node-opcua/node-opcua/commit/33ca3bab4ab781392a2f8d8f5a14de9a0aa0e410",
"refsource": "MISC",
"url": "https://github.com/node-opcua/node-opcua/commit/33ca3bab4ab781392a2f8d8f5a14de9a0aa0e410"
},
{
"name": "https://github.com/node-opcua/node-opcua/commit/dbcb5d5191118c22ee9c89332a94b94e6553d76b",
"refsource": "MISC",
"url": "https://github.com/node-opcua/node-opcua/commit/dbcb5d5191118c22ee9c89332a94b94e6553d76b"
},
{
"name": "https://github.com/node-opcua/node-opcua/pull/1149",
"refsource": "MISC",
"url": "https://github.com/node-opcua/node-opcua/pull/1149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2022-21208",
"datePublished": "2022-08-23T05:06:18.829Z",
"dateReserved": "2022-02-24T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:05:25.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25231 (GCVE-0-2022-25231)
Vulnerability from cvelistv5 – Published: 2022-08-23 05:05 – Updated: 2024-09-16 23:46
VLAI?
Title
Denial of Service (DoS)
Summary
The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit.
Severity ?
CWE
- Denial of Service (DoS)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | node-opcua |
Affected:
unspecified , < 2.74.0
(custom)
|
Date Public ?
2022-08-23 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988724"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/node-opcua/node-opcua/pull/1182"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "node-opcua",
"vendor": "n/a",
"versions": [
{
"lessThan": "2.74.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vera Mens"
},
{
"lang": "en",
"value": "Uri Katz"
},
{
"lang": "en",
"value": "Sharon Brizinov of Team82 (Claroty Research)"
}
],
"datePublic": "2022-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8\u2019s memory limit."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T05:05:45.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988724"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/node-opcua/node-opcua/pull/1182"
}
],
"title": "Denial of Service (DoS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-08-23T05:00:52.597889Z",
"ID": "CVE-2022-25231",
"STATE": "PUBLIC",
"TITLE": "Denial of Service (DoS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "node-opcua",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.74.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vera Mens"
},
{
"lang": "eng",
"value": "Uri Katz"
},
{
"lang": "eng",
"value": "Sharon Brizinov of Team82 (Claroty Research)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8\u2019s memory limit."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988724",
"refsource": "MISC",
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988724"
},
{
"name": "https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f",
"refsource": "MISC",
"url": "https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f"
},
{
"name": "https://github.com/node-opcua/node-opcua/pull/1182",
"refsource": "MISC",
"url": "https://github.com/node-opcua/node-opcua/pull/1182"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2022-25231",
"datePublished": "2022-08-23T05:05:45.808Z",
"dateReserved": "2022-02-24T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:46:37.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24375 (GCVE-0-2022-24375)
Vulnerability from nvd – Published: 2022-08-24 05:05 – Updated: 2024-09-16 16:13
VLAI?
Title
Denial of Service (DoS)
Summary
The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
Severity ?
CWE
- Denial of Service (DoS)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | node-opcua |
Affected:
unspecified , < 2.74.0
(custom)
|
Date Public ?
2022-08-24 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/node-opcua/node-opcua/pull/1182"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988725"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/node-opcua/node-opcua/commit/3fd46ec156e7718a506be41f3916310b6bdd0407"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "node-opcua",
"vendor": "n/a",
"versions": [
{
"lessThan": "2.74.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vera Mens"
},
{
"lang": "en",
"value": "Uri Katz"
},
{
"lang": "en",
"value": "Sharon Brizinov of Team82 (Claroty Research)"
}
],
"datePublic": "2022-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-24T05:05:12.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/node-opcua/node-opcua/pull/1182"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988725"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/node-opcua/node-opcua/commit/3fd46ec156e7718a506be41f3916310b6bdd0407"
}
],
"title": "Denial of Service (DoS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-08-24T05:00:10.599133Z",
"ID": "CVE-2022-24375",
"STATE": "PUBLIC",
"TITLE": "Denial of Service (DoS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "node-opcua",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.74.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vera Mens"
},
{
"lang": "eng",
"value": "Uri Katz"
},
{
"lang": "eng",
"value": "Sharon Brizinov of Team82 (Claroty Research)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f",
"refsource": "MISC",
"url": "https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f"
},
{
"name": "https://github.com/node-opcua/node-opcua/pull/1182",
"refsource": "MISC",
"url": "https://github.com/node-opcua/node-opcua/pull/1182"
},
{
"name": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988725",
"refsource": "MISC",
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988725"
},
{
"name": "https://github.com/node-opcua/node-opcua/commit/3fd46ec156e7718a506be41f3916310b6bdd0407",
"refsource": "MISC",
"url": "https://github.com/node-opcua/node-opcua/commit/3fd46ec156e7718a506be41f3916310b6bdd0407"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2022-24375",
"datePublished": "2022-08-24T05:05:12.475Z",
"dateReserved": "2022-02-24T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:13:12.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21208 (GCVE-0-2022-21208)
Vulnerability from nvd – Published: 2022-08-23 05:06 – Updated: 2024-09-16 23:05
VLAI?
Title
Denial of Service (DoS)
Summary
The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.
Severity ?
CWE
- Denial of Service (DoS)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | node-opcua |
Affected:
unspecified , < 2.74.0
(custom)
|
Date Public ?
2022-08-23 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.844Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988723"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/node-opcua/node-opcua/commit/33ca3bab4ab781392a2f8d8f5a14de9a0aa0e410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/node-opcua/node-opcua/commit/dbcb5d5191118c22ee9c89332a94b94e6553d76b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/node-opcua/node-opcua/pull/1149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "node-opcua",
"vendor": "n/a",
"versions": [
{
"lessThan": "2.74.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vera Mens"
},
{
"lang": "en",
"value": "Uri Katz"
},
{
"lang": "en",
"value": "Sharon Brizinov of Team82 (Claroty Research)"
}
],
"datePublic": "2022-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T05:06:18.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988723"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/node-opcua/node-opcua/commit/33ca3bab4ab781392a2f8d8f5a14de9a0aa0e410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/node-opcua/node-opcua/commit/dbcb5d5191118c22ee9c89332a94b94e6553d76b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/node-opcua/node-opcua/pull/1149"
}
],
"title": "Denial of Service (DoS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-08-23T05:00:44.326693Z",
"ID": "CVE-2022-21208",
"STATE": "PUBLIC",
"TITLE": "Denial of Service (DoS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "node-opcua",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.74.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vera Mens"
},
{
"lang": "eng",
"value": "Uri Katz"
},
{
"lang": "eng",
"value": "Sharon Brizinov of Team82 (Claroty Research)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988723",
"refsource": "MISC",
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988723"
},
{
"name": "https://github.com/node-opcua/node-opcua/commit/33ca3bab4ab781392a2f8d8f5a14de9a0aa0e410",
"refsource": "MISC",
"url": "https://github.com/node-opcua/node-opcua/commit/33ca3bab4ab781392a2f8d8f5a14de9a0aa0e410"
},
{
"name": "https://github.com/node-opcua/node-opcua/commit/dbcb5d5191118c22ee9c89332a94b94e6553d76b",
"refsource": "MISC",
"url": "https://github.com/node-opcua/node-opcua/commit/dbcb5d5191118c22ee9c89332a94b94e6553d76b"
},
{
"name": "https://github.com/node-opcua/node-opcua/pull/1149",
"refsource": "MISC",
"url": "https://github.com/node-opcua/node-opcua/pull/1149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2022-21208",
"datePublished": "2022-08-23T05:06:18.829Z",
"dateReserved": "2022-02-24T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:05:25.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25231 (GCVE-0-2022-25231)
Vulnerability from nvd – Published: 2022-08-23 05:05 – Updated: 2024-09-16 23:46
VLAI?
Title
Denial of Service (DoS)
Summary
The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit.
Severity ?
CWE
- Denial of Service (DoS)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | node-opcua |
Affected:
unspecified , < 2.74.0
(custom)
|
Date Public ?
2022-08-23 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988724"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/node-opcua/node-opcua/pull/1182"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "node-opcua",
"vendor": "n/a",
"versions": [
{
"lessThan": "2.74.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vera Mens"
},
{
"lang": "en",
"value": "Uri Katz"
},
{
"lang": "en",
"value": "Sharon Brizinov of Team82 (Claroty Research)"
}
],
"datePublic": "2022-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8\u2019s memory limit."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T05:05:45.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988724"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/node-opcua/node-opcua/pull/1182"
}
],
"title": "Denial of Service (DoS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-08-23T05:00:52.597889Z",
"ID": "CVE-2022-25231",
"STATE": "PUBLIC",
"TITLE": "Denial of Service (DoS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "node-opcua",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.74.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vera Mens"
},
{
"lang": "eng",
"value": "Uri Katz"
},
{
"lang": "eng",
"value": "Sharon Brizinov of Team82 (Claroty Research)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8\u2019s memory limit."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988724",
"refsource": "MISC",
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988724"
},
{
"name": "https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f",
"refsource": "MISC",
"url": "https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f"
},
{
"name": "https://github.com/node-opcua/node-opcua/pull/1182",
"refsource": "MISC",
"url": "https://github.com/node-opcua/node-opcua/pull/1182"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2022-25231",
"datePublished": "2022-08-23T05:05:45.808Z",
"dateReserved": "2022-02-24T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:46:37.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}