CVE-2021-22883
CVSS v3.1
7.5 (High)
CVSS v2.0
7.8 (High)
EPSS
0.65 % (80th)
Affected Products
9
Advisories
29
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.
Weaknesses
- CVE Status
- PUBLISHED
- CNA
- HackerOne
- Published Date
-
2021-03-03 18:15:14
(3 years ago) - Updated Date
-
2023-11-07 03:30:27
(10 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Configuration #4
|
Configuration #5
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...