Published: 03/03/2021 Updated: 07/11/2023

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 695

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Node.js prior to 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nodejs node.js
fedoraproject fedora 32
fedoraproject fedora 33
fedoraproject fedora 34
netapp e-series performance analyzer -
oracle peoplesoft enterprise peopletools 8.58
oracle graalvm 20.3.1.2
oracle graalvm 21.0.0.2
oracle graalvm 19.3.5
oracle nosql database
oracle mysql cluster
oracle peoplesoft enterprise peopletools 8.59
oracle jd edwards enterpriseone tools
siemens sinec infrastructure network services

Two vulnerabilities were discovered in Nodejs, which could result in denial of service or DNS rebinding attacks For the stable distribution (buster), these problems have been fixed in version 10240~dfsg-1~deb10u1 We recommend that you upgrade your nodejs packages For the detailed security status of nodejs please refer to its security tracker ...

Nodejs before versions 15100, 14160, 12210 and 10240 is vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' are established This leads to a leak of file descriptors If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the pr ...

Multiple vulnerabilities have been found in Hitachi Ops Center Analyzer CVE-2020-8252, CVE-2020-8265, CVE-2021-22883, CVE-2021-22884 Affected products and versions are listed below Please upgrade your version to the appropriate version ...

Critical Infrastructure Sectors: Energy

CWE-772 https://hackerone.com/reports/1043360 https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/https://security.netapp.com/advisory/ntap-20210416-0001/https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuoct2021.html https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4FRS5ZVK4ZQ7XIJQNGIKUXG2DJFHLO7/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F45Y7TXSU33MTKB6AGL2Q5V5ZOCNPKOG/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSYFUGKFUSZ27M5TEZ3FKILWTWFJTFAZ/https://nvd.nist.gov https://www.debian.org/security/2021/dsa-4863 https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-02

CVE-2021-22883

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect