node-opcua DoS vulnerability via message with memory allocation that exceeds v8's memory limit
- Severity:
- High
Description
The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit.
Recommendation
Update the node-opcua package to the latest compatible version. Followings are version details:
- Affected version(s): < 2.74.0
- Patched version(s): 2.74.0
References
Related Issues
- x402 SDK vulnerable in outdated versions in resource servers for builders (GHSA-3j63-5h8p-gf7c) - Vulnerability
- vue-i18n has cross-site scripting vulnerability with prototype pollution (GHSA-9r9m-ffp6-9x4v) - CVE-2024-52809
- node-opcua DoS when bypassing limitations for excessive memory consumption - CVE-2022-24375
- Uncontrolled Resource Consumption in node-opcua - CVE-2022-21208
- Tags:
- npm
- node-opcua
Anything's wrong? Let us know Last updated on January 30, 2023