PT-2022-4441 · Unknown · Node-Opcua

Sharon Brizinov +2 · Published 2022-08-22 · Updated 2022-08-26 · CVE-2022-25231

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

node-opcua versions prior to 2.74.0

Description

The issue is a Denial of Service (DoS) condition that can be triggered by sending a specially crafted OPC UA message with a special OPC UA NodeID. It occurs when the requested memory allocation exceeds V8's memory limit, leading to uncontrolled resource consumption. Exploitation of this issue may allow a remote attacker to cause a service disruption.

Recommendations

For node-opcua versions prior to 2.74.0, update to version 2.74.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the OPC UA NodeID to minimize the risk of exploitation.
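
One way to check a project against the affected range above, as an added example (not part of the advisory or of the node-opcua project): it scans a parsed package-lock.json for installed copies of node-opcua below 2.74.0, including nested copies pulled in by other dependencies. The sample lockfile and its package names are constructed, and treating unparsable versions as affected is an assumption of this example.

```javascript
// Added example: the fixed version comes from the advisory; sample data is constructed.
const PACKAGE = "node-opcua";
const FIXED = [2, 74, 0];

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]"; returns null when unparsable.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(String(v).trim());
  return m ? { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}

// True when the version is below 2.74.0. A prerelease of 2.74.0 sorts before
// the release, so it counts as affected; unparsable versions are flagged too.
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return true;
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== FIXED[i]) return p.nums[i] < FIXED[i];
  }
  return p.pre;
}

// Collect every installed copy of node-opcua from either lockfile layout:
// "packages" (lockfileVersion 2/3, keyed by path) or nested "dependencies" (v1).
function findInstalls(lock) {
  const found = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = meta.name || path.split("node_modules/").pop();
    if (name === PACKAGE && meta.version) found.push({ path, version: meta.version });
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === PACKAGE && meta.version) found.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, ""); // v2 files carry both sections
  return found;
}

const audit = (lock) => findInstalls(lock).filter((i) => isAffected(i.version));

// Constructed sample: one fixed top-level copy, one vulnerable nested copy.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "plant-gateway", version: "1.0.0" },
  "node_modules/node-opcua": { version: "2.74.0" },
  "node_modules/legacy-driver/node_modules/node-opcua": { version: "2.72.1" },
} };
console.log(audit(sampleLock));
```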

Fix

Resource Exhaustion

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

BDU:2022-05305
CVE-2022-25231
GHSA-QPGC-XH7J-52Q8

Affected Products

Node-Opcua