CVE-2021-22883
Description
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an unknownProtocol are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, the server becomes unable to accept new connections, and the process is also prevented from opening, e.g., a file. If no file descriptor limit is configured, this leads to excessive memory usage and causes the system to run out of memory.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
91.125
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-22883,CVE-2021-22884,CVE-2018-7160,CVE-2021-23840 are fixed in Node.js 12 (x64) (12.21.0) | Windows |
| Vulnerabilities CVE-2021-22883,CVE-2021-22884,CVE-2018-7160,CVE-2021-23840 are fixed in Node.js 12 (12.21.0) | Windows |
| Vulnerabilities CVE-2021-22883,CVE-2021-22884,CVE-2018-7160,CVE-2021-23840 are fixed in Node.js 14 (x64) (14.16.0) | Windows |
| Vulnerabilities CVE-2021-22883,CVE-2021-22884,CVE-2018-7160,CVE-2021-23840 are fixed in Node.js 14 (14.16.0) | Windows |
| Vulnerabilities CVE-2021-22883,CVE-2021-22884,CVE-2018-7160,CVE-2021-23840 are fixed in Node.js 10 (x64) (10.24.0) | Windows |
| Vulnerabilities CVE-2021-22883,CVE-2021-22884,CVE-2018-7160,CVE-2021-23840 are fixed in Node.js 10 (10.24.0) | Windows |
| Vulnerabilities CVE-2021-22883,CVE-2021-22884,CVE-2018-7160,CVE-2021-23840 are fixed in Node.js 15.10.0 | Windows |
| Vulnerabilities CVE-2021-22883,CVE-2021-22884,CVE-2018-7160,CVE-2021-23840 are fixed in Node.js 10 (x64) (10.24.1) | Windows |
| Vulnerabilities CVE-2021-22883,CVE-2021-22884,CVE-2021-2411 are affected in MySQL Cluster 8.0.25 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 20.0 | Windows |
| nodejs security update(DSA-4863-1) nodejs_10.24.0~dfsg-1~deb10u1_i386.deb | Linux |
| nodejs security update(DSA-4863-1) nodejs_10.24.0~dfsg-1~deb10u1_amd64.deb | Linux |
| (RHSA-2021:0734) nodejs:12 security update nodejs-12.21.0-1.module+el8.3.0+10191+34fb5a07.x86_64.rpm | Linux |
| (RHSA-2021:0734) nodejs:12 security update nodejs-debugsource-12.21.0-1.module+el8.3.0+10191+34fb5a07.x86_64.rpm | Linux |
| (RHSA-2021:0734) nodejs:12 security update nodejs-devel-12.21.0-1.module+el8.3.0+10191+34fb5a07.x86_64.rpm | Linux |
| (RHSA-2021:0734) nodejs:12 security update nodejs-docs-12.21.0-1.module+el8.3.0+10191+34fb5a07.noarch.rpm | Linux |
| (RHSA-2021:0734) nodejs:12 security update nodejs-full-i18n-12.21.0-1.module+el8.3.0+10191+34fb5a07.x86_64.rpm | Linux |
| (RHSA-2021:0734) nodejs:12 security update npm-6.14.11-1.12.21.0.1.module+el8.3.0+10191+34fb5a07.x86_64.rpm | Linux |
| (RHSA-2021:0735) nodejs:10 security update nodejs-10.24.0-1.module+el8.3.0+10166+b07ac28e.x86_64.rpm | Linux |
| (RHSA-2021:0735) nodejs:10 security update nodejs-debugsource-10.24.0-1.module+el8.3.0+10166+b07ac28e.x86_64.rpm | Linux |
| (RHSA-2021:0735) nodejs:10 security update nodejs-devel-10.24.0-1.module+el8.3.0+10166+b07ac28e.x86_64.rpm | Linux |
| (RHSA-2021:0735) nodejs:10 security update nodejs-docs-10.24.0-1.module+el8.3.0+10166+b07ac28e.noarch.rpm | Linux |
| (RHSA-2021:0735) nodejs:10 security update nodejs-full-i18n-10.24.0-1.module+el8.3.0+10166+b07ac28e.x86_64.rpm | Linux |
| (RHSA-2021:0735) nodejs:10 security update npm-6.14.11-1.10.24.0.1.module+el8.3.0+10166+b07ac28e.x86_64.rpm | Linux |
| (RHSA-2021:0744) nodejs:14 security and bug fix update nodejs-14.16.0-2.module+el8.3.0+10180+b92e1eb6.x86_64.rpm | Linux |
| (RHSA-2021:0744) nodejs:14 security and bug fix update nodejs-debugsource-14.16.0-2.module+el8.3.0+10180+b92e1eb6.x86_64.rpm | Linux |
| (RHSA-2021:0744) nodejs:14 security and bug fix update nodejs-devel-14.16.0-2.module+el8.3.0+10180+b92e1eb6.x86_64.rpm | Linux |
| (RHSA-2021:0744) nodejs:14 security and bug fix update nodejs-docs-14.16.0-2.module+el8.3.0+10180+b92e1eb6.noarch.rpm | Linux |
| (RHSA-2021:0744) nodejs:14 security and bug fix update nodejs-full-i18n-14.16.0-2.module+el8.3.0+10180+b92e1eb6.x86_64.rpm | Linux |
| (RHSA-2021:0744) nodejs:14 security and bug fix update npm-6.14.11-1.14.16.0.2.module+el8.3.0+10180+b92e1eb6.x86_64.rpm | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6418-1) nodejs_10.19.0~dfsg-3ubuntu1.2_amd64.deb | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6418-1) nodejs_8.10.0~dfsg-2ubuntu0.4_i386.deb | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6418-1) nodejs_8.10.0~dfsg-2ubuntu0.4_amd64.deb | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6418-1) libnode64_10.19.0~dfsg-3ubuntu1.2_amd64.deb | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6418-1) nodejs-dev_8.10.0~dfsg-2ubuntu0.4_i386.deb | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6418-1) nodejs-dev_8.10.0~dfsg-2ubuntu0.4_amd64.deb | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6418-1) libnode-dev_10.19.0~dfsg-3ubuntu1.2_amd64.deb | Linux |
| (RHSA-2021:0735)Important: security update nodejs-debuginfo-10.24.0-1.module+el8.3.0+10166+b07ac28e.x86_64.rpm | Linux |
| (RHSA-2021:0735)Important: security update nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.noarch.rpm | Linux |
| (RHSA-2021:0735)Important: security update nodejs-packaging-17-3.module+el8+2873+aa7dfd9a.noarch.rpm | Linux |
| Important: nodejs:10 security update nodejs-10.24.0-1.module_el8.3.0+2047+b07ac28e.x86_64.rpm | Linux |
| Important: nodejs:10 security update nodejs-devel-10.24.0-1.module_el8.3.0+2047+b07ac28e.x86_64.rpm | Linux |
| Important: nodejs:10 security update nodejs-docs-10.24.0-1.module_el8.3.0+2047+b07ac28e.noarch.rpm | Linux |
| Important: nodejs:10 security update nodejs-full-i18n-10.24.0-1.module_el8.3.0+2047+b07ac28e.x86_64.rpm | Linux |
| Important: nodejs:10 security update nodejs-nodemon-1.18.3-1.module_el8.3.0+2047+b07ac28e.noarch.rpm | Linux |
| Important: nodejs:10 security update npm-6.14.11-1.10.24.0.1.module_el8.3.0+2047+b07ac28e.x86_64.rpm | Linux |
| Npm update (ELSA-2025-8514) npm-10.8.2-1.20.19.2.1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux |
| Nodejs-packaging-bundler update (ELSA-2025-8514) nodejs-packaging-bundler-2021.06-4.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2025-8514) nodejs-packaging-2021.06-4.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux |
| Nodejs-nodemon update (ELSA-2025-8514) nodejs-nodemon-3.0.1-1.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux |
| Nodejs-full-i18n update (ELSA-2025-8514) nodejs-full-i18n-20.19.2-1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux |
| Nodejs-docs update (ELSA-2025-8514) nodejs-docs-20.19.2-1.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux |
| Nodejs-devel update (ELSA-2025-8514) nodejs-devel-20.19.2-1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux |
| Nodejs update (ELSA-2025-8514) nodejs-20.19.2-1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-324371 | Node.js 12 (x64) (12.22.12) |
| PATCH-324370 | Node.js 12 (12.22.12) |
| PATCH-329083 | Node.js 14 (x64) (14.21.3) |
| PATCH-329082 | Node.js 14 (14.21.3) |
| PATCH-319043 | Node.js 10 (x64) (10.24.1) |
| PATCH-319042 | Node.js 10 (10.24.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234