CVE-2022-24375

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-24375
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24375.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-24375
Aliases
Published
2022-08-24T05:15:07.230Z
Modified
2026-04-10T04:45:22.791545Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.

References

Affected packages

Git / github.com/node-opcua/node-opcua

Affected ranges

Type
GIT
Repo
https://github.com/node-opcua/node-opcua
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
003ee041795f3b737afaaef5721045ee31ea9f77
Fixed
3fd46ec156e7718a506be41f3916310b6bdd0407
Fixed
7b5044b3f5866fbedc3efabd05e407352c07bd2f
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.74.0"
        }
    ]
}

Affected versions

0.*
0.0.45
0.0.7
0.0.8
V0.*
V0.2.0
v.*
v.0.0.53
v0.*
v0.0.11
v0.0.14
v0.0.19
v0.0.20
v0.0.21
v0.0.22
v0.0.23
v0.0.24
v0.0.3
v0.0.34
v0.0.35
v0.0.37
v0.0.38
v0.0.39
v0.0.4
v0.0.40
v0.0.41
v0.0.42
v0.0.45
v0.0.46
v0.0.47
v0.0.48
v0.0.49
v0.0.5
v0.0.50
v0.0.51
v0.0.52
v0.0.53
v0.0.54
v0.0.55
v0.0.56
v0.0.56b
v0.0.57
v0.0.58
v0.0.59
v0.0.60
v0.0.61
v0.0.64
v0.0.65
v0.1.0-10
v0.1.0-11
v0.1.0-12
v0.1.0-13
v0.1.0-4
v0.1.0-5
v0.1.0-6
v0.1.0-7
v0.1.0-8
v0.1.0-9
v0.1.1-0
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.3.0
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v2.*
v2.0.0
v2.0.0-alpha.0
v2.0.0-alpha.10
v2.0.0-alpha.11
v2.0.0-alpha.13
v2.0.0-alpha.14
v2.0.0-alpha.15
v2.0.0-alpha.16
v2.0.0-alpha.17
v2.0.0-alpha.18
v2.0.0-alpha.19
v2.0.0-alpha.20
v2.0.0-alpha.21
v2.0.0-alpha.22
v2.0.0-alpha.23
v2.0.0-alpha.24
v2.0.0-alpha.25
v2.0.0-alpha.26
v2.0.0-alpha.27
v2.0.0-alpha.28
v2.0.0-alpha.29
v2.0.0-alpha.30
v2.0.0-alpha.31
v2.0.0-alpha.32
v2.0.0-alpha.33
v2.0.0-alpha.4
v2.0.0-alpha.5
v2.0.0-alpha.6
v2.0.0-alpha.7
v2.0.0-alpha.8
v2.0.0-alpha.9
v2.0.1
v2.1.0
v2.1.1
v2.1.2
v2.1.5
v2.1.6
v2.1.7
v2.1.8
v2.1.9
v2.10.0
v2.11.0
v2.12.0
v2.13.0
v2.14.0
v2.15.0
v2.16.0
v2.17.0
v2.18.0
v2.19.0
v2.2.0
v2.20.0
v2.21.0
v2.22.0
v2.23.0
v2.24.0
v2.24.1
v2.25.0
v2.26.0
v2.27.0
v2.27.1
v2.28.0
v2.28.1
v2.28.2
v2.28.3
v2.29.0
v2.3.0
v2.3.1
v2.30.0
v2.31.0
v2.32.0
v2.33.0
v2.34.0
v2.35.0
v2.36.0
v2.36.1
v2.36.2
v2.36.3
v2.37.0
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.40.0
v2.41.0
v2.41.1
v2.42.0
v2.42.1
v2.42.2
v2.43.0
v2.44.0
v2.45.0
v2.46.0
v2.47.0
v2.49.0
v2.5.0-alpha.0
v2.5.0-alpha.1
v2.5.0-alpha.10
v2.5.0-alpha.11
v2.5.0-alpha.12
v2.5.0-alpha.13
v2.5.0-alpha.14
v2.5.0-alpha.15
v2.5.0-alpha.2
v2.5.0-alpha.3
v2.5.0-alpha.4
v2.5.0-alpha.5
v2.5.0-alpha.6
v2.5.0-alpha.7
v2.5.0-alpha.8
v2.5.0-alpha.9
v2.5.1
v2.5.10
v2.5.11
v2.5.12
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7
v2.5.8
v2.5.9
v2.50.0
v2.51.0
v2.52.0
v2.55.0
v2.56.0
v2.56.1
v2.56.2
v2.56.3
v2.57.0
v2.58.0
v2.59.0
v2.59.1
v2.6.0-alpha.0
v2.6.0-alpha.1
v2.6.0-alpha.6
v2.6.0-alpha.7
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.6.7
v2.60.0
v2.60.1
v2.60.2
v2.61.0
v2.62.0
v2.62.1
v2.62.2
v2.62.3
v2.62.4
v2.62.5
v2.62.6
v2.62.7
v2.63.0
v2.63.1
v2.63.2
v2.64.0
v2.64.1
v2.65.0
v2.65.1
v2.66.0
v2.66.1
v2.66.2
v2.66.3
v2.67.0
v2.68.0
v2.68.1
v2.69.0
v2.69.1
v2.7.0
v2.70.0
v2.70.1
v2.70.2
v2.70.3
v2.71.0
v2.72.0
v2.72.1
v2.72.2
v2.73.0
v2.73.1
v2.8.0
v2.8.1
v2.9.0
v2.9.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24375.json"