Mar 03, 2021 - 6:15 p.m.

CVE-2021-22883

2021-03-03 18:15:14
CWE-400
CWE-772
web.nvd.nist.gov
node.js
denial of service
'unknownprotocol'
cve-2021-22883
nvd

CVSS2: 7.8

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.4
Confidence: High

EPSS: 0.006
Percentile: 79.4%

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an ‘unknownProtocol’ are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, the server is unable to accept new connections, and the process is also prevented from opening, e.g., a file. If no file descriptor limit is configured, this leads to excessive memory usage and causes the system to run out of memory.

Affected configurations

NVD

Node
nodejs node.js: Range 10.0.0 to 10.24.0 (lts)
OR
nodejs node.js: Range 12.0.0 to 12.21.0 (lts)
OR
nodejs node.js: Range 14.0.0 to 14.16.0 (lts)
OR
nodejs node.js: Range 15.0.0 to 15.10.0 (-)

Node
fedoraproject fedora: Match 32
OR
fedoraproject fedora: Match 33
OR
fedoraproject fedora: Match 34

Node
netapp e-series_performance_analyzer: Match -

Node
oracle graalvm: Match 19.3.5 (enterprise)
OR
oracle graalvm: Match 20.3.1.2 (enterprise)
OR
oracle graalvm: Match 21.0.0.2 (enterprise)
OR
oracle jd_edwards_enterpriseone_tools: Range < 9.2.6.0
OR
oracle mysql_cluster: Range 8.0.25
OR
oracle nosql_database: Range < 20.3
OR
oracle peoplesoft_enterprise_peopletools: Match 8.58
OR
oracle peoplesoft_enterprise_peopletools: Match 8.59

Node
siemens sinec_infrastructure_network_services: Range < 1.0.1.1

CNA Affected

[
  {
    "product": "https://github.com/nodejs/node",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in 10.24.0, 12.21.0, 14.16.0, 15.10.0"
      }
    ]
  }
]
