Aggregates CVE and security vulnerability intelligence across all freeopcua-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk denial of service, with potential vendor impact application crash across vendor surface production workloads and vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-26151 | Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory. | [email protected] | 5.3 | 0.15% | 2023-10-03 | 2024-11-21 |
| CVE-2023-26150 | Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. **Note:** This issue is a result of missing checks for services that require an active session. | [email protected] | 6.5 | 0.16% | 2023-10-03 | 2024-11-21 |
| CVE-2022-24298 | All versions of package freeopcua/freeopcua are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False. | [email protected] | 7.5 | 0.46% | 2022-08-23 | 2026-03-03 |