CVE-2022-24298
HIGHfreeopcua - Denial of Service via Multiple CloseSession Requests
Title source: llmDescription
All versions of package freeopcua/freeopcua are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://security.snyk.io/vuln/SNYK-UNMANAGED-FREEOPCUAFREEOPCUA-2988720
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/FreeOpcUa/freeopcua/issues/391
Scores
CVSS v3
7.5
EPSS
0.0078
EPSS Percentile
51.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-770
Status
published
Products (2)
freeopcua/freeopcua
freeopcua_project/freeopcua
Published
Aug 23, 2022
Tracked Since
Feb 18, 2026