Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2021-03-03T17:38:32
Updated: 2024-08-03T18:58:24.778Z
Reserved: 2021-01-06T00:00:00
Link: CVE-2021-22883
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-03-03T18:15:14.893
Modified: 2024-11-21T05:50:49.997
Link: CVE-2021-22883
Redhat