Freeopcua: Security Vulnerabilities
Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-10-03
Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication.
**Note:**
This issue is a result of missing checks for services that require an active session.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-10-03
All versions of package freeopcua/freeopcua are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-08-23