PT-2022-4443 · Unknown · Node-Opcua

Sharon Brizinov +2 · Published 2022-08-22 · Updated 2023-08-08 · CVE-2022-21208

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

node-opcua versions prior to 2.74.0

Description

The issue is related to a missing limitation on the number of received chunks per single session or in total for all concurrent sessions, which can lead to a Denial of Service (DoS). An attacker can exploit this by sending a large number of huge chunks without sending the Final closing chunk, causing uncontrolled resource consumption. This can allow a remote attacker to cause a service disruption.

Recommendations

For versions prior to 2.74.0, update to version 2.74.0 or later to resolve the issue. As a temporary workaround, consider implementing measures to limit the number of received chunks per session or in total for all concurrent sessions to prevent uncontrolled resource consumption.
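
The limit described in the recommendation can be sketched as follows. This is an added example, not node-opcua code or its 2.74.0 fix; the ChunkGate class, its method names and the limit values are assumptions chosen for illustration.

```javascript
// Added example: bounded reassembly of chunked messages (hypothetical ChunkGate).
// Limit values are assumed for illustration, not node-opcua defaults.
const LIMITS = { maxChunksPerMessage: 8, maxBytesPerMessage: 64 * 1024, maxBytesAllSessions: 256 * 1024 };

class ChunkGate {
  constructor(limits = LIMITS) {
    this.limits = limits;
    this.sessions = new Map(); // sessionId -> { chunks: Buffer[], bytes: number }
    this.totalBytes = 0;       // bytes currently buffered across all sessions
  }

  // isFinal is the OPC UA chunk flag: 'C' intermediate, 'F' final, 'A' abort.
  // Returns { status: 'buffered' | 'complete' | 'aborted' | 'rejected', ... }.
  accept(sessionId, isFinal, body) {
    if (isFinal === 'A') { this.release(sessionId); return { status: 'aborted' }; }
    if (isFinal !== 'C' && isFinal !== 'F') return this.reject(sessionId, 'bad chunk flag');
    const s = this.sessions.get(sessionId) || { chunks: [], bytes: 0 };
    // Per-session caps: a peer that never sends 'F' is stopped here.
    if (s.chunks.length + 1 > this.limits.maxChunksPerMessage) return this.reject(sessionId, 'too many chunks');
    if (s.bytes + body.length > this.limits.maxBytesPerMessage) return this.reject(sessionId, 'message too large');
    // Global cap: many sessions each staying under their own limit are stopped here.
    if (this.totalBytes + body.length > this.limits.maxBytesAllSessions) return this.reject(sessionId, 'global budget exhausted');
    s.chunks.push(body);
    s.bytes += body.length;
    this.totalBytes += body.length;
    this.sessions.set(sessionId, s);
    if (isFinal !== 'F') return { status: 'buffered' };
    const message = Buffer.concat(s.chunks);
    this.release(sessionId); // the final chunk frees the session's budget
    return { status: 'complete', message };
  }

  // Call on completion, rejection and socket close so partial data is not kept.
  release(sessionId) {
    const s = this.sessions.get(sessionId);
    if (s) { this.totalBytes -= s.bytes; this.sessions.delete(sessionId); }
  }

  reject(sessionId, reason) {
    this.release(sessionId); // drop partial data; the caller should close the connection
    return { status: 'rejected', reason };
  }
}
```

A transport layer would call accept() for every received chunk, close the connection on a 'rejected' result, and call release() from its socket close handler.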

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2022-05308
CVE-2022-21208
GHSA-4HR4-PJJH-2Q2W

Affected Products

Node-Opcua