Home > Vulnerability Database > CVE-2022-21208

Mend.io Vulnerability Database

CVE-2022-21208

Good to know:

Date: August 23, 2022

The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.

Severity Score

7.5

Related Resources (6)

Url: https://github.com/node-opcua/node-opcua/commit/dbcb5d5191118c22ee9c89332a94b94e6553d76b

Url: https://github.com/node-opcua/node-opcua/commit/33ca3bab4ab781392a2f8d8f5a14de9a0aa0e410

Url: https://github.com/node-opcua/node-opcua

Url: https://github.com/node-opcua/node-opcua/pull/1149

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-21208

Url: https://www.mend.io/vulnerability-database/CVE-2022-21208

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Improper Validation of Specified Quantity in Input

CWE-1284

Top Fix

Upgrade Version

Upgrade to version node-opcua - 2.74.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-21208

Good to know:

Date: August 23, 2022

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?