Your submission was sent successfully! Close

CVE-2021-22883

Published: 3 March 2021

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
nodejs
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Needs triage

upstream
Released (12.21.0~dfsg-1)
xenial Ignored
(end of standard support, was needs-triage)