CVE-2022-21208

HIGH Year: 2022
CVSS v3 Score
7.5
High
Weakness Type
CWE-1284
View all →

Vulnerability Description

The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.

Related Vulnerabilities

CVE-2020-27217

HIGH
CVSS:7.5(High)

In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. In particular, a device may send messages that are bigger than the ma...

CWE-12842020

CVE-2021-44693

HIGH
CVSS:7.5(High)

Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.

CWE-12842021

CVE-2021-46893

HIGH
CVSS:7.5(High)

Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vulnerability may affect integrity.

CWE-12842021

CVE-2022-0214

HIGH
CVSS:7.5(High)

The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a...

CWE-12842022

CVE-2022-1174

HIGH
CVSS:7.5(High)

A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attack...

CWE-12842022