Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of Service (DoS)
Vulnerability Description
The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
N/A
Vulnerability Title
node-opcua 资源管理错误漏洞
Vulnerability Description
node-opcua是法国Sterfive SAS开源的一个完全用 Typescript 为 NodeJS 编写的 OPC UA 堆栈的实现。 node-opcua 2.74.0之前版本存在资源管理错误漏洞。攻击者利用该漏洞通过发送多个带有 deleteSubscription 参数值为 False 的 CloseSession 请求来绕过过度内存消耗的限制,导致触发拒绝服务 (DoS) 攻击。
CVSS Information
N/A
Vulnerability Type
N/A