First published: Sat Feb 20 2021(Updated: )
Node.js is vulnerable to a denial of service, caused by a file descriptor leak. By making multiple attempts to connect with an 'unknownProtocol', an attacker could exploit this vulnerability to lead to an excessive memory usage and cause the system to run out of memory.
Credit: support@hackerone.com support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/rh-nodejs10-nodejs | <0:10.24.0-1.el7 | 0:10.24.0-1.el7 |
redhat/rh-nodejs14-nodejs | <0:14.16.0-1.el7 | 0:14.16.0-1.el7 |
redhat/rh-nodejs12-nodejs | <0:12.21.0-1.el7 | 0:12.21.0-1.el7 |
ubuntu/nodejs | <10.19.0~dfsg-3ubuntu1.2 | 10.19.0~dfsg-3ubuntu1.2 |
ubuntu/nodejs | <12.21.0~dfsg-1 | 12.21.0~dfsg-1 |
Nodejs Node.js | >=10.0.0<10.24.0 | |
Nodejs Node.js | >=12.0.0<12.21.0 | |
Nodejs Node.js | >=14.0.0<14.16.0 | |
Nodejs Node.js | >=15.0.0<15.10.0 | |
Fedoraproject Fedora | =32 | |
Fedoraproject Fedora | =33 | |
Fedoraproject Fedora | =34 | |
Netapp E-series Performance Analyzer | ||
Oracle GraalVM | =19.3.5 | |
Oracle GraalVM | =20.3.1.2 | |
Oracle GraalVM | =21.0.0.2 | |
Oracle Jd Edwards Enterpriseone Tools | <9.2.6.0 | |
Oracle MySQL Cluster | <=8.0.25 | |
Oracle Nosql Database | <20.3 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.58 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.59 | |
Siemens Sinec Infrastructure Network Services | <1.0.1.1 | |
debian/nodejs | 10.24.0~dfsg-1~deb10u1 10.24.0~dfsg-1~deb10u3 12.22.12~dfsg-1~deb11u4 18.13.0+dfsg1-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2021-22883 is a vulnerability in Node.js that can lead to a denial of service due to a file descriptor leak.
CVE-2021-22883 affects Node.js by causing a potential denial of service when too many connection attempts with an 'unknownProtocol' are established and a file descriptor leak occurs.
CVE-2021-22883 has a severity rating of high.
CVE-2021-22883 affects Node.js versions 15.10.0, 14.16.0, 12.21.0, and 10.24.0.
To fix CVE-2021-22883, update Node.js to version 15.10.0, 14.16.0, 12.21.0, or 10.24.0, depending on the version you are currently using.