CVE-2024-27983

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions Node.js (affected versions not specified)

Description The issue is related to the Node.js HTTP/2 server, where an attacker can make the server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. This can cause a race condition when headers with HTTP/2 CONTINUATION frames are sent to the server and then a TCP connection is abruptly closed by the client, triggering the Http2Session destructor while header frames are still being processed. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Race Condition

Time Of Check To Time Of Use

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-367

Related Identifiers

ALSA-2023_4330

ALSA-2023_4331

ALSA-2023_4536

ALSA-2023_4537

ALSA-2024:2778

ALSA-2024:2779

ALSA-2024:2780

ALSA-2024:2853

ALSA-2024:2910

ALSA-2024_1438

ALSA-2024_1444

ALSA-2024_1503

ALSA-2024_1510

ALSA-2024_1687

ALSA-2024_1688

ALSA-2024_2778

ALSA-2024_2779

ALSA-2024_2780

ALSA-2024_2853

ALSA-2024_2910

ALSA-2024_5815

ALSA-2025_1351

ALSA-2025_1443

ALSA-2025_1446

ALSA-2025_1582

ALSA-2025_1611

ALSA-2025_1613

ALSA-2025_16880

ALT-PU-2024-5094

ALT-PU-2025-2007

ALT-PU-2025-2047

AZL-39584

AZL-39587

BDU:2024-02689

BIT-NODE-2024-27983

BIT-NODE-MIN-2024-27983

CESA-2024_2778

CESA-2024_2780

CLEANSTART-2026-BD71263

CLEANSTART-2026-IS74202

CLEANSTART-2026-JR35772

CLEANSTART-2026-JY06700

CLEANSTART-2026-KN34553

CLEANSTART-2026-KZ45320

CLEANSTART-2026-LJ44720

CLEANSTART-2026-LN12820

CLEANSTART-2026-TX00223

CLEANSTART-2026-WI75198

CVE-2024-27983

DLA-3886-1

DSA-5991-1

ECHO-EDEA-10A0-9440

ELSA-2024-2778

ELSA-2024-2779

ELSA-2024-2780

ELSA-2024-2853

ELSA-2024-2910

INFSA-2024_2779

INFSA-2024_2853

INFSA-2024_2910

MGASA-2024-0110

OESA-2024-2171

OESA-2024-2172

OESA-2024-2173

OESA-2024-2174

OESA-2024-2175

OPENSUSE-SU-2024:13851-1

OPENSUSE-SU-2024:13852-1

OPENSUSE-SU-2024_1301-1

OPENSUSE-SU-2024_1306-1

OPENSUSE-SU-2024_1308-1

OPENSUSE-SU-2024_1309-1

RHSA-2024:2778

RHSA-2024:2779

RHSA-2024:2780

RHSA-2024:2853

RHSA-2024:2910

RHSA-2024:2937

RHSA-2024:3472

RHSA-2024:3544

RHSA-2024:3545

RHSA-2024:3553

RHSA-2024:4353

RHSA-2024:4824

RHSA-2024_2778

RHSA-2024_2779

RHSA-2024_2780

RHSA-2024_2853

RHSA-2024_2910

RLSA-2024:2778

RLSA-2024:2779

RLSA-2024:2780

RLSA-2024:2853

RLSA-2024:2910

RLSA-2024_2778

RLSA-2024_2779

RLSA-2024_2780

RLSA-2024_2853

RLSA-2024_2910

SUSE-SU-2024:1301-1

SUSE-SU-2024:1305-1

SUSE-SU-2024:1306-1

SUSE-SU-2024:1307-1

SUSE-SU-2024:1308-1

SUSE-SU-2024:1309-1

SUSE-SU-2024:1346-1

SUSE-SU-2024:1355-1

SUSE-SU-2024_1301-1

SUSE-SU-2024_1305-1

SUSE-SU-2024_1306-1

SUSE-SU-2024_1307-1

SUSE-SU-2024_1308-1

SUSE-SU-2024_1309-1

SUSE-SU-2024_1346-1

SUSE-SU-2024_1355-1

Affected Products

Alt Linux

Almalinux

Centos

Debian

Node.Js

Red Hat

Red Os

Rocky Linux

Suse

CVE-2024-27983

Weakness Enumeration

Related Identifiers

Affected Products

References · 282