Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2024:1444

Опубликовано: 27 мар. 2024
Источник: rocky
Оценка: Important

Описание

Important: nodejs:16 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

  • nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)

  • nodejs: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
nodejs-nodemonnoarch1.module+el8.8.0+1459+02651ab6nodejs-nodemon-3.0.1-1.module+el8.8.0+1459+02651ab6.noarch.rpm
nodejs-nodemonnoarch1.module+el8.8.0+1459+02651ab6nodejs-nodemon-3.0.1-1.module+el8.8.0+1459+02651ab6.noarch.rpm
nodejs-packagingnoarch1.module+el8.8.0+1461+f50bb75anodejs-packaging-26-1.module+el8.8.0+1461+f50bb75a.noarch.rpm
nodejs-packagingnoarch1.module+el8.8.0+1461+f50bb75anodejs-packaging-26-1.module+el8.8.0+1461+f50bb75a.noarch.rpm

Показывать по

Связанные CVE

CVE-2023-44487
CVE-2024-22019

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2024-1444

oracle-oval
больше 1 года назад

ELSA-2024-1444: nodejs:16 security update (IMPORTANT)

ubuntu логотип

CVE-2024-22019

CVSS3: 7.5
ubuntu
почти 2 года назад

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.

redhat логотип

CVE-2024-22019

CVSS3: 7.5
redhat
почти 2 года назад

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.

nvd логотип

CVE-2024-22019

CVSS3: 7.5
nvd
почти 2 года назад

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.

msrc логотип

CVE-2024-22019

CVSS3: 7.5
msrc
почти 2 года назад

Описание отсутствует