Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, the server is unable to accept new connections, and the process is also prevented from opening, e.g., a file. If no file descriptor limit is configured, this leads to excessive memory usage and causes the system to run out of memory.
History
07 Nov 2023, 03:30
Type | Values Removed | Values Added |
---|---|---|
References | | |
24 Oct 2022, 17:05
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-772 |
06 Apr 2022, 16:28
Type | Values Removed | Values Added |
---|---|---|
First Time | Siemens sinec Infrastructure Network Services; Siemens | |
CPE | cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:* | |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf - Patch, Third Party Advisory | |
References | (MISC) https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/ - Patch, Release Notes, Vendor Advisory |
10 Mar 2022, 17:41
Type | Values Removed | Values Added |
---|---|---|
References | |
08 Dec 2021, 20:16
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory | |
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* |
20 Oct 2021, 11:16
Type | Values Removed | Values Added |
---|---|---|
References | |
16 Jun 2021, 14:02
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:* cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:* | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210416-0001/ - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory |
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | |
16 Apr 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References | |
24 Mar 2021, 23:59
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E4FRS5ZVK4ZQ7XIJQNGIKUXG2DJFHLO7/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F45Y7TXSU33MTKB6AGL2Q5V5ZOCNPKOG/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSYFUGKFUSZ27M5TEZ3FKILWTWFJTFAZ/ - Mailing List, Third Party Advisory |
19 Mar 2021, 23:15
Type | Values Removed | Values Added |
---|---|---|
References | |
12 Mar 2021, 02:15
Type | Values Removed | Values Added |
---|---|---|
References | |
10 Mar 2021, 17:05
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://hackerone.com/reports/1043360 - Permissions Required, Third Party Advisory | |
References | (MISC) https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/ - Release Notes, Vendor Advisory | |
CWE | CWE-400 | |
CVSS | v2 : v3 : | v2 : 7.8 v3 : 7.5 |
CPE | cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* |
03 Mar 2021, 18:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-03 18:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-22883
Mitre link : CVE-2021-22883
CVE.ORG link : CVE-2021-22883
Products Affected
fedoraproject
- fedora
oracle
- graalvm
- mysql_cluster
- jd_edwards_enterpriseone_tools
- nosql_database
- peoplesoft_enterprise_peopletools
nodejs
- node.js
siemens
- sinec_infrastructure_network_services
netapp
- e-series_performance_analyzer