CVE-2022-24298

high

Description

All versions of package freeopcua/freeopcua are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.

References

Advisories

https://security.snyk.io/vuln/SNYK-UNMANAGED-FREEOPCUAFREEOPCUA-2988720

https://github.com/FreeOpcUa/freeopcua/issues/391

Details

Source: Mitre, NVD

Published: 2022-08-23

Updated: 2022-08-25

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H