CVE-2024-22019

Published: 20/02/2024 Updated: 01/05/2024

Vulnerability Summary

A vulnerability in Node.js HTTP servers allows a malicious user to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). Because no limit is applied to chunk extension bytes, the server reads an unbounded number of bytes from a single connection. The issue can cause CPU and network bandwidth exhaustion while bypassing standard safeguards such as timeouts and body size limits, since extension bytes are not counted as body data.
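As an added defensive illustration (this is not the Node.js parser or its fix), the decoder below shows the accounting the summary describes as missing: it counts the bytes spent on chunk extensions (the ";name=value" part after each chunk size) across the whole message and rejects the body once an assumed cap is exceeded. The cap value, the function names and the sample bodies are assumptions made for this example.

```javascript
// Added illustration, not Node.js/llhttp code: a minimal decoder for
// HTTP/1.1 chunked transfer encoding that caps the total bytes a peer may
// spend on chunk extensions. Without such a cap, extension bytes never count
// toward the body-size limit and can be streamed indefinitely.
const MAX_CHUNK_EXTENSION_BYTES = 16 * 1024; // assumed cap chosen for this example

function decodeChunked(body, maxExtBytes = MAX_CHUNK_EXTENSION_BYTES) {
  const buf = Buffer.isBuffer(body) ? body : Buffer.from(body, 'latin1');
  const chunks = [];
  let pos = 0;
  let extBytes = 0; // extension bytes seen so far in this message

  for (;;) {
    const eol = buf.indexOf('\r\n', pos);
    if (eol === -1) throw new Error('truncated chunk-size line');
    const line = buf.toString('latin1', pos, eol);
    const semi = line.indexOf(';');
    const sizeHex = (semi === -1 ? line : line.slice(0, semi)).trim();
    if (!/^[0-9a-fA-F]{1,8}$/.test(sizeHex)) throw new Error('invalid chunk size');
    if (semi !== -1) {
      extBytes += line.length - semi; // count the ';' and everything after it
      if (extBytes > maxExtBytes) throw new Error('chunk extension limit exceeded');
    }
    const size = parseInt(sizeHex, 16);
    pos = eol + 2;
    if (size === 0) return Buffer.concat(chunks); // last-chunk; trailers ignored here
    if (buf.length < pos + size + 2) throw new Error('truncated chunk data');
    if (buf.toString('latin1', pos + size, pos + size + 2) !== '\r\n') {
      throw new Error('missing CRLF after chunk data');
    }
    chunks.push(buf.subarray(pos, pos + size));
    pos += size + 2; // skip the data and its trailing CRLF
  }
}

// Verdict helper for callers that prefer a boolean over an exception.
function chunkedBodyIsSafe(body, maxExtBytes = MAX_CHUNK_EXTENSION_BYTES) {
  try {
    decodeChunked(body, maxExtBytes);
    return true;
  } catch (e) {
    return false;
  }
}
```

A streaming parser would apply the same counter as each byte of the size line arrives, so the connection is closed before the extension data is ever buffered.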

Vendor Advisories

Debian Bug report logs - #1064055 nodejs: CVE-2023-46809 CVE-2024-22019 CVE-2024-21892 Package: src:nodejs; Maintainer for src:nodejs is Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net>; Reported by: Moritz Mühlenhoff <jmm@inutil.org> Date: Fri, 16 Feb 2024 14:30:02 UTC Severity: grave Ta ...

Mailing Lists

This posting is largely based on the Node.js blog post at nodejs.org/en/blog/vulnerability/february-2024-security-releases with some edits and extras by me. Please note that it still uses future tense to talk about the releases, which should actually have been made by now. ====== Summary ====== The Node.js project will release new version ...