PT-2021-5821 · Node.Js+7 · Node.Js+7

Eran Levin

+1

·

Published

2021-07-30

·

Updated

2026-05-18

·

CVE-2021-22930

CVSS v2.0

10

Critical

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Node.js versions prior to 12.22.4 Node.js versions prior to 14.17.4 Node.js versions prior to 16.6.0
Description The issue is related to a use after free attack in Node.js, where an attacker might exploit memory corruption to change process behavior, potentially leading to access to confidential data, disruption of data integrity, and denial of service. The vulnerability is associated with the http2 module, which could allow an attacker to crash the process or potentially execute code in the system when accessing a host controlled by the attacker.
Recommendations For versions prior to 12.22.4, update to version 12.22.4 or later. For versions prior to 14.17.4, update to version 14.17.4 or later. For versions prior to 16.6.0, update to version 16.6.0 or later. As a temporary workaround, consider disabling the http2 module until a patch is available. Restrict access to the http2 module to minimize the risk of exploitation.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2021:3623
ALSA-2021:3666
ALT-PU-2021-2389
ALT-PU-2021-2397
ALT-PU-2021-2497
ALT-PU-2021-2550
ALT-PU-2022-3073
AZL-6742
BDU:2022-00316
BIT-NODE-2021-22930
BIT-NODE-MIN-2021-22930
CESA-2021_3623
CESA-2021_3666
CLEANSTART-2026-BD71263
CLEANSTART-2026-IS74202
CLEANSTART-2026-JR35772
CLEANSTART-2026-JY06700
CLEANSTART-2026-KN34553
CLEANSTART-2026-KZ45320
CLEANSTART-2026-LJ44720
CLEANSTART-2026-LN12820
CLEANSTART-2026-TX00223
CLEANSTART-2026-WI75198
CVE-2021-22930
DLA-3137-1
MGASA-2021-0394
OESA-2021-1409
OPENSUSE-SU-2021:1214-1
OPENSUSE-SU-2021:1239-1
OPENSUSE-SU-2021:1313-1
OPENSUSE-SU-2021:1343-1
OPENSUSE-SU-2021:2875-1
OPENSUSE-SU-2021:2953-1
OPENSUSE-SU-2021:3211-1
OPENSUSE-SU-2021:3294-1
OPENSUSE-SU-2021_1214-1
OPENSUSE-SU-2021_1239-1
OPENSUSE-SU-2021_1313-1
OPENSUSE-SU-2021_1343-1
OPENSUSE-SU-2021_2875-1
OPENSUSE-SU-2021_2953-1
OPENSUSE-SU-2021_3211-1
OPENSUSE-SU-2021_3294-1
OPENSUSE-SU-2022_2855-1
OPENSUSE-SU-2024:11096-1
OPENSUSE-SU-2024:11097-1
RHSA-2021:3280
RHSA-2021:3281
RHSA-2021:3623
RHSA-2021:3638
RHSA-2021:3639
RHSA-2021:3666
RHSA-2021_3623
RHSA-2021_3666
RLSA-2021:3623
RLSA-2021:3666
SUSE-SU-2021:2790-1
SUSE-SU-2021:2823-1
SUSE-SU-2021:2824-1
SUSE-SU-2021:2875-1
SUSE-SU-2021:2953-1
SUSE-SU-2021:3184-1
SUSE-SU-2021:3211-1
SUSE-SU-2021:3294-1
SUSE-SU-2021_2790-1
SUSE-SU-2021_2823-1
SUSE-SU-2021_2824-1
SUSE-SU-2021_2875-1
SUSE-SU-2021_2953-1
SUSE-SU-2021_3184-1
SUSE-SU-2021_3211-1
SUSE-SU-2021_3294-1
SUSE-SU-2022:2855-1
SUSE-SU-2022_2855-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Node.Js
Red Hat
Rocky Linux
Suse