Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2021-03-03T17:38:32

Updated: 2024-08-03T18:58:24.778Z

Reserved: 2021-01-06T00:00:00

Link: CVE-2021-22883

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-03-03T18:15:14.893

Modified: 2024-11-21T05:50:49.997

Link: CVE-2021-22883

cve-icon Redhat

Severity : Important

Publid Date: 2021-02-20T00:00:00Z

Links: CVE-2021-22883 - Bugzilla