CVE-2021-22883 - log

CVE-2021-22883 edited at 23 Feb 2021 19:29:01
References
https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/#http2-unknownprotocol-cause-denial-of-service-by-resource-exhaustion-critical-cve-2021-22883
https://hackerone.com/reports/1043360
https://github.com/nodejs-private/node-private/pull/246
https://github.com/nodejs/node/commit/4184806deed6b6c393dd8737aab1dc0c78a24c78
https://github.com/nodejs/node/commit/afea10b09785996348fc198c8aa97eb10a05cec9
https://github.com/nodejs/node/commit/922ada77132c1b0b69c9a146822d762b2f9b912b
- https://github.com/nodejs/node/commit/4184806deed6b6c393dd8737aab1dc0c78a24c78
+ https://github.com/nodejs/node/commit/3f2e9dc40c9964965b075c00719829f9bb17e65f
CVE-2021-22883 edited at 23 Feb 2021 19:25:10
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ Node.js before versions 15.10.0, 14.16.0, 12.21.0 and 10.24.0 is vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, the server is unable to accept new connections and the process is also prevented from opening, e.g., a file. If no file descriptor limit is configured, this leads to excessive memory usage and causes the system to run out of memory.
References
+ https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/#http2-unknownprotocol-cause-denial-of-service-by-resource-exhaustion-critical-cve-2021-22883
+ https://hackerone.com/reports/1043360
+ https://github.com/nodejs-private/node-private/pull/246
+ https://github.com/nodejs/node/commit/4184806deed6b6c393dd8737aab1dc0c78a24c78
+ https://github.com/nodejs/node/commit/afea10b09785996348fc198c8aa97eb10a05cec9
+ https://github.com/nodejs/node/commit/922ada77132c1b0b69c9a146822d762b2f9b912b
+ https://github.com/nodejs/node/commit/4184806deed6b6c393dd8737aab1dc0c78a24c78
Notes
CVE-2021-22883 created at 23 Feb 2021 19:18:56