RHEL 7 : rh-nodejs12-nodejs (RHSA-2021:0831)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0831 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

CentOS 8 : nodejs:10 (CESA-2021:0735)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:0735 advisory. - nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion CVE-2021-22883 - nodejs: DNS rebinding in --inspect CVE-2021-22884 Note that Nessus...

CentOS 8 : nodejs:14 (CESA-2021:0744)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:0744 advisory. - nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion CVE-2021-22883 - nodejs: DNS rebinding in --inspect CVE-2021-22884 Note that Nessus...

CVE-2021-22883

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unabl...

Design/Logic Flaw

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unabl...

CVE-2021-22883

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unabl...

CVE-2021-22883

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unabl...

CVE-2021-22883

Node.js versions prior to 10.24.0, 12.21.0, 14.16.0, and 15.10.0 are vulnerable to a denial-of-service from excessive unknownProtocol connection attempts, causing file descriptor leaks and potential memory exhaustion. Affected releases can be mitigated by upgrading to patched releases (e.g., Node...

SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2021:0674-1)

This update for nodejs10 fixes the following issues : New upstream LTS version 10.24.0 : CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion bsc1182619 CVE-2021-22884: DNS rebinding in --inspect bsc1182620 CVE-2021-23840: OpenSSL - Integer overflow in CipherUpda...

Security update for nodejs10 (important)

openSUSE Security Update: Security update for nodejs10 Announcement ID: openSUSE-SU-2021:0372-1 Rating: important References: 1182333 1182619 1182620 Cross-References: CVE-2021-22883 CVE-2021-22884 CVE-2021-23840 CVSS scores: CVE-2021-22883 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

SUSE SLES12 Security Update : nodejs14 (SUSE-SU-2021:0650-1)

This update for nodejs14 fixes the following issues : New upstream LTS version 14.16.0 : CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion bsc1182619 CVE-2021-22884: DNS rebinding in --inspect bsc1182620 Note that Tenable Network Security has extracted the...

SUSE SLES15 Security Update : nodejs14 (SUSE-SU-2021:0648-1)

This update for nodejs14 fixes the following issues : New upstream LTS version 14.16.0 : - CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion bsc1182619 - CVE-2021-22884: DNS rebinding in --inspect bsc1182620 Note that Tenable Network Security has extracted the...

SUSE SLES15 Security Update : nodejs12 (SUSE-SU-2021:0651-1)

This update for nodejs12 fixes the following issues : New upstream LTS version 12.21.0 : CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion bsc1182619 CVE-2021-22884: DNS rebinding in --inspect bsc1182620 CVE-2021-23840: OpenSSL - Integer overflow in CipherUpda...

SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2021:0649-1)

This update for nodejs12 fixes the following issues : New upstream LTS version 12.21.0 : CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion bsc1182619 CVE-2021-22884: DNS rebinding in --inspect bsc1182620 CVE-2021-23840: OpenSSL - Integer overflow in CipherUpda...

Security update for nodejs14 (important)

openSUSE Security Update: Security update for nodejs14 Announcement ID: openSUSE-SU-2021:0356-1 Rating: important References: 1182619 1182620 Cross-References: CVE-2021-22883 CVE-2021-22884 CVSS scores: CVE-2021-22883 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-22884 SUSE: 5.8...

CVE-2021-22883

A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...

Node.js: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion

Summary: Node.js http2 server is vulnerable against denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new...