Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.
2021-03-03T18:15:14.893
2024-11-21T05:50:49.997
Modified
CVSSv3.1: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:N/I:N/A:C
10.0
6.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | nodejs | node.js | < 10.24.0 | Yes |
| Application | nodejs | node.js | < 12.21.0 | Yes |
| Application | nodejs | node.js | < 14.16.0 | Yes |
| Application | nodejs | node.js | < 15.10.0 | Yes |
| Operating System | fedoraproject | fedora | 32 | Yes |
| Operating System | fedoraproject | fedora | 33 | Yes |
| Operating System | fedoraproject | fedora | 34 | Yes |
| Application | netapp | e-series_performance_analyzer | - | Yes |
| Application | oracle | graalvm | 19.3.5 | Yes |
| Application | oracle | graalvm | 20.3.1.2 | Yes |
| Application | oracle | graalvm | 21.0.0.2 | Yes |
| Application | oracle | jd_edwards_enterpriseone_tools | < 9.2.6.0 | Yes |
| Application | oracle | mysql_cluster | ≤ 8.0.25 | Yes |
| Application | oracle | nosql_database | < 20.3 | Yes |
| Application | oracle | peoplesoft_enterprise_peopletools | 8.58 | Yes |
| Application | oracle | peoplesoft_enterprise_peopletools | 8.59 | Yes |
| Application | siemens | sinec_infrastructure_network_services | < 1.0.1.1 | Yes |