nvd-json-data-feeds/CVE-2022/CVE-2022-252xx/CVE-2022-25231.json

{
  "id": "CVE-2022-25231",
  "sourceIdentifier": "report@snyk.io",
  "published": "2022-08-23T05:15:07.873",
  "lastModified": "2022-08-26T13:01:18.860",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8\u2019s memory limit."
    },
    {
      "lang": "es",
      "value": "El paquete node-opcua versiones anteriores a 2.74.0, es vulnerable a una Denegaci\u00f3n de Servicio (DoS) mediante el env\u00edo de un mensaje OPC UA espec\u00edficamente dise\u00f1ado con un NodeID OPC UA especial, cuando la asignaci\u00f3n de memoria solicitada excede el l\u00edmite de memoria de v8."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      },
      {
        "source": "report@snyk.io",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:node-opcua_project:node-opcua:*:*:*:*:*:node.js:*:*",
              "versionEndExcluding": "2.74.0",
              "matchCriteriaId": "900AECE1-5AD5-4065-AE88-E02D6885B83C"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f",
      "source": "report@snyk.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/node-opcua/node-opcua/pull/1182",
      "source": "report@snyk.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988724",
      "source": "report@snyk.io",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2022-25231",`
			`"sourceIdentifier": "report@snyk.io",`
			`"published": "2022-08-23T05:15:07.873",`
			`"lastModified": "2022-08-26T13:01:18.860",`
			`"vulnStatus": "Analyzed",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8\u2019s memory limit."`
			`},`
			`{`
			`"lang": "es",`
			`"value": "El paquete node-opcua versiones anteriores a 2.74.0, es vulnerable a una Denegaci\u00f3n de Servicio (DoS) mediante el env\u00edo de un mensaje OPC UA espec\u00edficamente dise\u00f1ado con un NodeID OPC UA especial, cuando la asignaci\u00f3n de memoria solicitada excede el l\u00edmite de memoria de v8."`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 7.5,`
			`"baseSeverity": "HIGH"`
			`},`
			`"exploitabilityScore": 3.9,`
			`"impactScore": 3.6`
			`},`
			`{`
			`"source": "report@snyk.io",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 7.5,`
			`"baseSeverity": "HIGH"`
			`},`
			`"exploitabilityScore": 3.9,`
			`"impactScore": 3.6`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-770"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:node-opcua_project:node-opcua::::::node.js::*",`
			`"versionEndExcluding": "2.74.0",`
			`"matchCriteriaId": "900AECE1-5AD5-4065-AE88-E02D6885B83C"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://github.com/node-opcua/node-opcua/commit/7b5044b3f5866fbedc3efabd05e407352c07bd2f",`
			`"source": "report@snyk.io",`
			`"tags": [`
			`"Patch",`
			`"Third Party Advisory"`
			`]`
			`},`
			`{`
			`"url": "https://github.com/node-opcua/node-opcua/pull/1182",`
			`"source": "report@snyk.io",`
			`"tags": [`
			`"Patch",`
			`"Third Party Advisory"`
			`]`
			`},`
			`{`
			`"url": "https://security.snyk.io/vuln/SNYK-JS-NODEOPCUA-2988724",`
			`"source": "report@snyk.io",`
			`"tags": [`
			`"Third Party Advisory"`
			`]`
			`}`
			`]`
			`}`