Home > Vulnerability Database > CVE-2022-24375

Mend.io Vulnerability Database

CVE-2022-24375

Good to know:

Date: August 24, 2022

The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.

Language: JS

Severity Score

7.5

Related Resources (6)

Url: https://github.com/node-opcua/node-opcua

Url: https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f

Url: https://github.com/node-opcua/node-opcua/pull/1182

Url: https://github.com/node-opcua/node-opcua/commit/3fd46ec156e7718a506be41f3916310b6bdd0407

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-24375

Url: https://www.mend.io/vulnerability-database/CVE-2022-24375

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Top Fix

Upgrade Version

Upgrade to version node-opcua - v2.74.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-24375

Good to know:

Date: August 24, 2022

Language: JS

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?