PT-2020-5852 · Node.Js+8
Published: 2020-01-24 · Updated: 2024-12-16
CVE-2021-22883
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions:
Node.js versions prior to 10.24.0
Node.js versions prior to 12.21.0
Node.js versions prior to 14.16.0
Node.js versions prior to 15.10.0
Description:
The issue is caused by incorrect handling of a large number of connection attempts with an unknownProtocol. These attempts leak file descriptors, which can be used for a denial of service attack. If a file descriptor limit is configured on the system, the server becomes unable to accept new connections and is prevented from opening files. Without a file descriptor limit, this results in excessive memory usage, potentially causing the system to run out of memory.
Recommendations:
For versions prior to 10.24.0, update to version 10.24.0 or later.
For versions prior to 12.21.0, update to version 12.21.0 or later.
For versions prior to 14.16.0, update to version 14.16.0 or later.
For versions prior to 15.10.0, update to version 15.10.0 or later.
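A version check built from the fixed releases listed above, as an added example that is not part of the advisory or of Node.js itself. The function names are hypothetical, and it assumes each listed version is the first fixed release of its own major line, so a major line with no fixed release of its own (8.x, 11.x, 13.x) is pointed at the next fixed line.

```javascript
// Fixed releases copied from the advisory text.
// Assumption: each entry is the first fixed release of its major line.
const FIXED = { 10: [10, 24, 0], 12: [12, 21, 0], 14: [14, 16, 0], 15: [15, 10, 0] };

// Parse "v14.15.4" or "14.15.4" into [major, minor, patch]; suffixes are ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new TypeError(`unrecognised Node.js version: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric comparison of two [major, minor, patch] triples: -1, 0 or 1.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns { affected, upgradeTo } for a Node.js version string.
function checkNodeVersion(version) {
  const v = parseVersion(version);
  const fixed = FIXED[v[0]];
  if (fixed) {
    const affected = compare(v, fixed) < 0;
    return { affected, upgradeTo: affected ? fixed.join('.') : null };
  }
  // Major line without its own fixed release: anything older than the
  // newest fix is "prior to" a fixed version and must change major line.
  if (compare(v, FIXED[15]) < 0) {
    // Integer-like keys iterate in ascending order, so this is the next fixed line.
    const next = Object.values(FIXED).find((f) => compare(v, f) < 0);
    return { affected: true, upgradeTo: next.join('.') };
  }
  return { affected: false, upgradeTo: null };
}

// Report on the runtime executing this script.
console.log(process.version, checkNodeVersion(process.version));
```

Run it with the Node.js binary that serves traffic, or call checkNodeVersion on version strings collected from an inventory.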
Exploit
Fix
DoS
Missing Release of Resource after Effective Lifetime
Resource Exhaustion
Affected Products
Alt Linux
Almalinux
Centos
Linuxmint
Node.Js
Red Hat
Rocky Linux
Suse
Ubuntu