Node.js prior to 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nodejs node.js |
||
fedoraproject fedora 32 |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |
||
netapp e-series performance analyzer - |
||
oracle peoplesoft enterprise peopletools 8.58 |
||
oracle graalvm 20.3.1.2 |
||
oracle graalvm 21.0.0.2 |
||
oracle graalvm 19.3.5 |
||
oracle nosql database |
||
oracle mysql cluster |
||
oracle peoplesoft enterprise peopletools 8.59 |
||
oracle jd edwards enterpriseone tools |
||
siemens sinec infrastructure network services |