Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-22019

Опубликовано: 20 фев. 2024
Источник: nvd
CVSS3: 7.5
CVSS3: 7.5
EPSS Низкий

Описание

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Версия от 18.0.0 (включая) до 18.19.1 (исключая)
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Версия от 20.0.0 (включая) до 20.11.1 (исключая)
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Версия от 21.0.0 (включая) до 21.6.2 (исключая)
Конфигурация 2
cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*

EPSS

Процентиль: 28%
0.00094
Низкий

7.5 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-404

Связанные уязвимости

ubuntu логотип

CVE-2024-22019

CVSS3: 7.5
ubuntu
больше 1 года назад

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.

redhat логотип

CVE-2024-22019

CVSS3: 7.5
redhat
больше 1 года назад

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.

msrc логотип

CVE-2024-22019

CVSS3: 7.5
msrc
больше 1 года назад

Описание отсутствует

debian логотип

CVE-2024-22019

CVSS3: 7.5
debian
больше 1 года назад

A vulnerability in Node.js HTTP servers allows an attacker to send a s ...

github логотип

GHSA-prhj-8562-p8gj

CVSS3: 7.5
github
больше 1 года назад

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.

EPSS

Процентиль: 28%
0.00094
Низкий

7.5 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-404