PT-2022-4447 · Unknown · Node-Opcua

Sharon Brizinov +2 · Published 2022-08-24 · Updated 2022-08-26 · CVE-2022-24375

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

node-opcua versions prior to 2.74.0

Description

A Denial of Service (DoS) condition can be triggered by bypassing the limitations on excessive memory consumption. This is achieved by sending multiple CloseSession requests with the deleteSubscription parameter set to False. The vulnerability stems from incorrect cleanup or release of resources, which a remote attacker can exploit to cause a service disruption.

Recommendations

For versions prior to 2.74.0, update to version 2.74.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the CloseSession request or setting the deleteSubscription parameter to True to minimize the risk of exploitation.
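
The resource-accounting flaw described above, as an added example: a simplified in-memory model, not node-opcua code and not taken from this advisory. It assumes the bypassed limitation is a per-session subscription cap; the class, the cap values and the server-wide cap used as the corrected form are all hypothetical.

```javascript
// Simplified model, NOT node-opcua code. All names and limits are assumptions.
const MAX_PER_SESSION = 10;   // assumed per-session subscription limit
const MAX_SERVER_WIDE = 50;   // assumed mitigation: cap that also counts orphans

class ModelServer {
  constructor({ enforceGlobalCap }) {
    this.enforceGlobalCap = enforceGlobalCap;
    this.sessions = new Map();  // sessionId -> Set of subscription ids
    this.orphaned = new Set();  // subscriptions that outlived their session
    this.nextId = 1;
  }
  totalSubscriptions() {
    let n = this.orphaned.size;
    for (const subs of this.sessions.values()) n += subs.size;
    return n;
  }
  createSession() {
    const id = this.nextId++;
    this.sessions.set(id, new Set());
    return id;
  }
  createSubscription(sessionId) {
    const subs = this.sessions.get(sessionId);
    if (!subs) throw new Error("BadSessionIdInvalid");
    // Weak accounting: only the current session's own subscriptions count.
    if (subs.size >= MAX_PER_SESSION) return false;
    // Corrected accounting: orphaned subscriptions still consume the budget.
    if (this.enforceGlobalCap && this.totalSubscriptions() >= MAX_SERVER_WIDE) return false;
    subs.add(this.nextId++);
    return true;
  }
  closeSession(sessionId, deleteSubscriptions) {
    const subs = this.sessions.get(sessionId);
    if (!subs) throw new Error("BadSessionIdInvalid");
    this.sessions.delete(sessionId);
    // With deleteSubscriptions=false the subscriptions stay allocated, ownerless.
    if (!deleteSubscriptions) for (const s of subs) this.orphaned.add(s);
  }
}

// Constructed workload: each round opens a session, fills its quota, then
// closes the session with deleteSubscriptions=false.
function retainedAfter(server, rounds) {
  for (let i = 0; i < rounds; i++) {
    const sid = server.createSession();
    while (server.createSubscription(sid)) { /* fill this session's quota */ }
    server.closeSession(sid, false);
  }
  return server.totalSubscriptions();
}
console.log(retainedAfter(new ModelServer({ enforceGlobalCap: false }), 100),
            retainedAfter(new ModelServer({ enforceGlobalCap: true }), 100));
```

With only the per-session limit, retained subscriptions grow linearly with the number of closed sessions; counting orphaned subscriptions against a server-wide budget keeps the total bounded.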

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2022-05312
CVE-2022-24375
GHSA-VH4F-FGPP-X8X2

Affected Products

Node-Opcua