← Retour aux CVEs
CVE-2022-24298
HIGH7.5
Description
All versions of package freeopcua/freeopcua are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
Details CVE
Score CVSS v3.17.5
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie8/23/2022
Derniere modification3/3/2026
Sourcenvd
Observations honeypot0
Produits affectes
freeopcua:freeopcua
Faiblesses (CWE)
CWE-770
References
https://github.com/FreeOpcUa/freeopcua/issues/391(report@snyk.io)
https://github.com/FreeOpcUa/freeopcua/issues/391(af854a3a-2127-422b-91ae-364da2661108)
https://security.snyk.io/vuln/SNYK-UNMANAGED-FREEOPCUAFREEOPCUA-2988720(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.