QwikSec

Security Database

CVE

CWE

Training

CVE-2021-22883

Published: Mar 3, 2021

Modified: Apr 30, 2025

PUBLISHED

Description

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.

Vendor	Product	Versions
NodeJS	Node	affected `4.0 - < 4.` affected `5.0 - < 5.` affected `6.0 - < 6.` affected `7.0 - < 7.` affected `8.0 - < 8.*` +7 more versions

Weaknesses (CWE)

References

https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/

x_refsource_MISC

https://hackerone.com/reports/1043360

x_refsource_MISC

FEDORA-2021-a760169c3c

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-f6bd75e9d4

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-6aaba80ba2

vendor-advisory

x_refsource_FEDORA

https://www.oracle.com/security-alerts/cpuApr2021.html

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20210416-0001/

x_refsource_CONFIRM

https://www.oracle.com//security-alerts/cpujul2021.html

x_refsource_MISC

https://www.oracle.com/security-alerts/cpuoct2021.html

x_refsource_MISC

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.