CVE-2021-22883

CVSS v3.1 7.5 (High)
CVSS v2.0 7.8 (High)
EPSS 0.65 % (80th)
Affected Products 9
Advisories 29

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections, and the process is also prevented from opening, e.g., a file. If no file descriptor limit is configured, then this leads to excessive memory usage and causes the system to run out of memory.

Weaknesses
CWE-400
Uncontrolled Resource Consumption
CWE-772
Missing Release of Resource after Effective Lifetime
CVE Status
PUBLISHED
CNA
HackerOne
Published Date
2021-03-03 18:15:14
(3 years ago)
Updated Date
2023-11-07 03:30:27
(10 months ago)

Affected Products


Configuration #1

| Product | CPE23 | From | Up To |
| --- | --- | --- | --- |
| Nodejs Node.js from 10.0.0 version and prior 10.24.0 version | cpe:2.3:a:nodejs:node.js::*:*:*:lts | >= 10.0.0 | < 10.24.0 |
| Nodejs Node.js from 12.0.0 version and prior 12.21.0 version | cpe:2.3:a:nodejs:node.js::*:*:*:lts | >= 12.0.0 | < 12.21.0 |
| Nodejs Node.js from 14.0.0 version and prior 14.16.0 version | cpe:2.3:a:nodejs:node.js::*:*:*:lts | >= 14.0.0 | < 14.16.0 |
| Nodejs Node.js from 15.0.0 version and prior 15.10.0 version | cpe:2.3:a:nodejs:node.js::*:*:*:- | >= 15.0.0 | < 15.10.0 |

Configuration #2

| Product | CPE23 | From | Up To |
| --- | --- | --- | --- |
| Fedoraproject Fedora 32 | cpe:2.3:o:fedoraproject:fedora:32 | | |
| Fedoraproject Fedora 33 | cpe:2.3:o:fedoraproject:fedora:33 | | |
| Fedoraproject Fedora 34 | cpe:2.3:o:fedoraproject:fedora:34 | | |

Configuration #3

| Product | CPE23 | From | Up To |
| --- | --- | --- | --- |
| Netapp E-series Performance Analyzer | cpe:2.3:a:netapp:e-series_performance_analyzer:- | | |

Configuration #4

| Product | CPE23 | From | Up To |
| --- | --- | --- | --- |
| Oracle Graalvm 19.3.5 | cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise | | |
| Oracle Graalvm 20.3.1.2 | cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise | | |
| Oracle Graalvm 21.0.0.2 | cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise | | |
| Oracle Jd Edwards Enterpriseone Tools prior 9.2.6.0 version | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools | | < 9.2.6.0 |
| Oracle Mysql Cluster 8.0.25 and prior versions | cpe:2.3:a:oracle:mysql_cluster | | <= 8.0.25 |
| Oracle Nosql Database prior 20.3 version | cpe:2.3:a:oracle:nosql_database | | < 20.3 |
| Oracle Peoplesoft Enterprise Peopletools 8.58 | cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58 | | |
| Oracle Peoplesoft Enterprise Peopletools 8.59 | cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59 | | |

Configuration #5

| Product | CPE23 | From | Up To |
| --- | --- | --- | --- |
| Siemens Sinec Infrastructure Network Services prior 1.0.1.1 version | cpe:2.3:a:siemens:sinec_infrastructure_network_services | | < 1.0.1.1 |