Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-22019HistoryFeb 20, 2024 - 2:15 a.m.
CVE-2024-22019
2024-02-2002:15:50
Debian Security Bug Tracker
security-tracker.debian.org
10
cve-2024-22019
node.js
http servers
vulnerability
attacker
crafted http request
resource exhaustion
denial of service
dos
chunked encoding
limitations
chunk extension
cpu exhaustion
network bandwidth
0.0004 Low
EPSS
Percentile
15.1%
A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | nodejs | <=ย 18.13.0+dfsg1-1 | nodejs_18.13.0+dfsg1-1_all.deb |
| Debian | 11 | all | nodejs | <=ย 12.22.12~dfsg-1~deb11u4 | nodejs_12.22.12~dfsg-1~deb11u4_all.deb |
| Debian | 10 | all | nodejs | <ย 10.24.0~dfsg-1~deb10u1 | nodejs_10.24.0~dfsg-1~deb10u1_all.deb |
| Debian | 999 | all | nodejs | <ย 18.19.1+dfsg-1 | nodejs_18.19.1+dfsg-1_all.deb |
| Debian | 13 | all | nodejs | <ย 18.19.1+dfsg-1 | nodejs_18.19.1+dfsg-1_all.deb |
Related
prion
prion
Design/Logic Flaw
2024-02-20 02:15:00
hackerone
hackerone
redhat
redhat
(RHSA-2024:2651) Important: nodejs:16 security update
2024-05-02 06:41:20
(RHSA-2024:1424) Important: nodejs security update
2024-03-19 17:34:04
(RHSA-2024:2793) Important: nodejs:16 security update
2024-05-09 09:24:14
osv
osv
Important: nodejs security update
2024-03-20 00:00:00
Important: nodejs security update
2024-05-10 14:33:20
BIT-node-2024-22019
2024-05-24 07:26:57
nessus
nessus
RHEL 7 : rh-nodejs14 (RHSA-2024:1354)
2024-03-18 00:00:00
RHEL 9 : nodejs (RHSA-2024:1438)
2024-03-20 00:00:00
RHEL 9 : nodejs (RHSA-2024:1424)
2024-03-19 00:00:00
cve
cve
CVE-2024-22019
2024-02-20 02:15:50
cbl_mariner
cbl_mariner
CVE-2024-22019 affecting package nodejs18 for versions less than 18.20.2-1
2024-05-06 17:48:02
rocky
rocky
nodejs security update
2024-05-10 14:33:20
nodejs:16 security update
2024-03-27 04:34:32
nodejs:18 security update
2024-03-27 04:34:32
almalinux
almalinux
Important: nodejs security update
2024-03-20 00:00:00
Important: nodejs:16 security update
2024-03-20 00:00:00
Important: nodejs:18 security update
2024-03-25 00:00:00
veracode
veracode
Denial Of Service
2024-02-21 20:24:20
ubuntucve
ubuntucve
CVE-2024-22019
2024-02-20 00:00:00
ibm
ibm
redhatcve
redhatcve
CVE-2024-22019
2024-02-16 17:52:09
cvelist
cvelist
CVE-2024-22019
2024-02-20 01:31:08
oraclelinux
oraclelinux
nodejs security update
2024-03-21 00:00:00
nodejs:16 security update
2024-03-21 00:00:00
nodejs:18 security update
2024-03-26 00:00:00
f5
f5
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:0732-1)
2024-03-01 00:00:00
Mageia: Security Advisory (MGASA-2024-0046)
2024-02-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0733-1)
2024-03-01 00:00:00
mageia
mageia
Updated nodejs yarnpkg packages fix security vulnerabilities
2024-02-23 01:20:27
freebsd
freebsd
NodeJS -- Vulnerabilities
2024-02-14 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2024-5.0-0213
2024-02-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00