VDB
DEBIAN-CVE-2021-22883
DEBIAN-CVE-2021-22883
PUBLISHED
CVSS 7.5 HIGH
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | nodejs | 0, 0, 0 |
| Debian:14 | nodejs | 0, 0, 0 |
| Debian:11 | nodejs | 0, 0, 0 |
| Debian:12 | nodejs | 0, 0, 0 |
Timeline
- Mar 3, 2021 CVE Published
- Apr 28, 2026 CVE Updated