Published: 20/02/2024 Updated: 01/05/2024

A vulnerability in Node.js HTTP servers allows an malicious user to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.

Debian Bug report logs - #1064055 nodejs: CVE-2023-46809 CVE-2024-22019 CVE-2024-21892 Package: src:nodejs; Maintainer for src:nodejs is Debian Javascript Maintainers <pkg-javascript-devel@alioth-listsdebiannet>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Fri, 16 Feb 2024 14:30:02 UTC Severity: grave Ta ...

oss-sec mailing list archives   By Date By Thread </form>    NodeJS v{18x,20x,21x} February Security Updates   From: suarezmiguelc ...

https://hackerone.com/reports/2233486 https://security.netapp.com/advisory/ntap-20240315-0004/http://www.openwall.com/lists/oss-security/2024/03/11/1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-22019

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect