Lucene search
Alpine Linux Development TeamALPINE:CVE-2024-27983HistoryApr 09, 2024 - 1:15 a.m.
CVE-2024-27983
2024-04-0901:15:49
Alpine Linux Development Team
security.alpinelinux.org
18
node.js
http/2 server
attacker
unavailable
http/2 frames
continuation frame
race condition
memory
tcp connection
An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-community | noarch | nodejs-current | < 21.7.2-r0 | UNKNOWN |
| Alpine | edge-main | noarch | nodejs | < 20.12.1-r0 | UNKNOWN |
| Alpine | 3.17-main | noarch | nodejs | < 18.20.1-r0 | UNKNOWN |
| Alpine | 3.18-main | noarch | nodejs | < 18.20.1-r0 | UNKNOWN |
| Alpine | 3.19-community | noarch | nodejs-current | < 21.7.2-r0 | UNKNOWN |
| Alpine | 3.19-main | noarch | nodejs | < 20.12.1-r0 | UNKNOWN |
| Alpine | 3.20-community | noarch | nodejs-current | < 21.7.2-r0 | UNKNOWN |
| Alpine | 3.20-main | noarch | nodejs | < 20.12.1-r0 | UNKNOWN |
Related
veracode
veracode
Denial Of Service (DoS)
2024-04-11 02:04:36
redhatcve
redhatcve
CVE-2024-27983
2024-04-03 19:27:23
cve
cve
CVE-2024-27983
2024-04-09 01:15:49
hackerone
hackerone
githubexploit
githubexploit
Exploit for CVE-2024-27983
2024-04-14 11:34:52
osv
osv
CVE-2024-27983
2024-04-09 01:15:49
Important: nodejs security update
2024-05-20 00:00:00
Important: nodejs:18 security update
2024-05-09 18:50:42
redhat
redhat
(RHSA-2024:3472) Important: rh-nodejs14 security update
2024-05-29 15:31:29
(RHSA-2024:2937) Important: nodejs security update
2024-05-21 04:57:15
(RHSA-2024:2853) Important: nodejs:20 security update
2024-05-15 10:54:45
redos
redos
ROS-20240425-03
2024-04-25 00:00:00
nessus
nessus
RHEL 7 : rh-nodejs14 (RHSA-2024:3472)
2024-05-29 00:00:00
F5 Networks BIG-IP : Node.js vulnerability (K000139532)
2024-05-07 00:00:00
RHEL 9 : nodejs (RHSA-2024:2937)
2024-05-21 00:00:00
f5
f5
K000139532 : Node.js vulnerability CVE-2024-27983
2024-05-07 00:00:00
cvelist
cvelist
CVE-2024-27983
2024-04-09 01:06:43
cbl_mariner
cbl_mariner
CVE-2024-27983 affecting package nodejs18 for versions less than 18.18.2-7
2024-04-30 01:31:53
debiancve
debiancve
CVE-2024-27983
2024-04-09 01:15:49
ubuntucve
ubuntucve
CVE-2024-27983
2024-04-09 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: nodejs20-20.12.2-1.fc40
2024-04-19 21:44:22
[SECURITY] Fedora 39 Update: nodejs20-20.12.2-1.fc39
2024-04-20 01:03:33
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:1306-1)
2024-05-07 00:00:00
openSUSE: Security Advisory for nodejs16 (SUSE-SU-2024:1308-1)
2024-04-17 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1346-1)
2024-05-07 00:00:00
ibm
ibm
mageia
mageia
Updated nodejs packages fix security vulnerabilities
2024-04-05 21:24:25
rocky
rocky
nodejs:18 security update
2024-05-09 18:50:42
nodejs:18 security update
2024-05-09 18:51:51
nodejs:20 security update
2024-05-09 18:50:42
oraclelinux
oraclelinux
nodejs:18 security update
2024-05-14 00:00:00
nodejs security update
2024-05-22 00:00:00
nodejs:20 security update
2024-05-09 00:00:00
almalinux
almalinux
Important: nodejs:20 security update
2024-05-15 00:00:00
Important: nodejs:18 security update
2024-05-09 00:00:00
Important: nodejs security update
2024-05-20 00:00:00
arista
arista
Security Advisory 0094
2024-04-05 00:00:00
thn
thn
New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks
2024-04-04 11:15:00
cert
cert
HTTP/2 CONTINUATION frames can be utilized for DoS attacks
2024-04-03 00:00:00