CVE-2021-22883

HIGH

Node.js <10.24.0,12.21.0,14.16.0,15.10.0 - DoS

Title source: llm
STIX 2.1

Description

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.

References (10)

Scores

CVSS v3 7.5
EPSS 0.8943
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-772 CWE-400
Status published
Products (15)
fedoraproject/fedora 32
fedoraproject/fedora 33
fedoraproject/fedora 34
netapp/e-series_performance_analyzer
nodejs/node.js 10.0.0 - 10.24.0
nodejs/node.js 15.0.0 - 15.10.0
oracle/graalvm 19.3.5
oracle/graalvm 20.3.1.2
oracle/graalvm 21.0.0.2
oracle/jd_edwards_enterpriseone_tools < 9.2.6.0
... and 5 more
Published Mar 03, 2021
Tracked Since Feb 18, 2026