CVE-2022-25231

HIGH

Node-opcua < 2.74.0 - Resource Allocation Without Limits

Title source: rule

Description

The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit.

References (3)

Core 3

Core References

Third Party Advisory x_refsource_misc

https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988724

Patch, Third Party Advisory x_refsource_misc

https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f

View Patch ZIP pw:eip

Patch, Third Party Advisory x_refsource_misc

https://github.com/node-opcua/node-opcua/pull/1182

Scores

CVSS v3 7.5

EPSS 0.0057

EPSS Percentile 68.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-770

Status published

Products (2)

node-opcua_project/node-opcua < 2.74.0

npm/node-opcua 0 - 2.74.0npm

Published Aug 23, 2022

Tracked Since Feb 18, 2026