Количество 22
Количество 22
GHSA-j65r-8hrg-qc6x
An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.
CVE-2024-27983
An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.
CVE-2024-27983
An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.
CVE-2024-27983
An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.
CVE-2024-27983
CVE-2024-27983
An attacker can make the Node.js HTTP/2 server completely unavailable ...
BDU:2024-02689
Уязвимость функции node::http2::Http2Session::~Http2Session() HTTP/2-сервера программной платформы Node.js, позволяющая нарушителю вызвать отказ в обслуживании
SUSE-SU-2024:1355-1
Security update for nodejs14
SUSE-SU-2024:1346-1
Security update for nodejs12
SUSE-SU-2024:1308-1
Security update for nodejs16
SUSE-SU-2024:1306-1
Security update for nodejs16
SUSE-SU-2024:1305-1
Security update for nodejs16
ROS-20240425-03
Уязвимость nodejs
SUSE-SU-2024:1309-1
Security update for nodejs18
SUSE-SU-2024:1307-1
Security update for nodejs18
SUSE-SU-2024:1301-1
Security update for nodejs20
RLSA-2024:2910
Important: nodejs security update
ELSA-2024-2910
ELSA-2024-2910: nodejs security update (IMPORTANT)
ELSA-2024-2853
ELSA-2024-2853: nodejs:20 security update (IMPORTANT)
ELSA-2024-2780
ELSA-2024-2780: nodejs:18 security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-j65r-8hrg-qc6x An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition. | CVSS3: 8.2 | 59% Средний | больше 1 года назад |
 | CVE-2024-27983 An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition. | CVSS3: 8.2 | 59% Средний | больше 1 года назад |
 | CVE-2024-27983 An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition. | CVSS3: 7.5 | 59% Средний | больше 1 года назад |
 | CVE-2024-27983 An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition. | CVSS3: 8.2 | 59% Средний | больше 1 года назад |
 | CVSS3: 8.2 | 59% Средний | больше 1 года назад | |
| CVE-2024-27983 An attacker can make the Node.js HTTP/2 server completely unavailable ... | CVSS3: 8.2 | 59% Средний | больше 1 года назад |
 | BDU:2024-02689 Уязвимость функции node::http2::Http2Session::~Http2Session() HTTP/2-сервера программной платформы Node.js, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 5.3 | 59% Средний | больше 1 года назад |
 | SUSE-SU-2024:1355-1 Security update for nodejs14 | больше 1 года назад | ||
| SUSE-SU-2024:1346-1 Security update for nodejs12 | больше 1 года назад | ||
| SUSE-SU-2024:1308-1 Security update for nodejs16 | больше 1 года назад | ||
| SUSE-SU-2024:1306-1 Security update for nodejs16 | больше 1 года назад | ||
| SUSE-SU-2024:1305-1 Security update for nodejs16 | больше 1 года назад | ||
 | ROS-20240425-03 Уязвимость nodejs | CVSS3: 5.3 | 59% Средний | больше 1 года назад |
| SUSE-SU-2024:1309-1 Security update for nodejs18 | больше 1 года назад | ||
| SUSE-SU-2024:1307-1 Security update for nodejs18 | больше 1 года назад | ||
| SUSE-SU-2024:1301-1 Security update for nodejs20 | больше 1 года назад | ||
 | RLSA-2024:2910 Important: nodejs security update | больше 1 года назад | ||
| ELSA-2024-2910 ELSA-2024-2910: nodejs security update (IMPORTANT) | больше 1 года назад | ||
| ELSA-2024-2853 ELSA-2024-2853: nodejs:20 security update (IMPORTANT) | больше 1 года назад | ||
| ELSA-2024-2780 ELSA-2024-2780: nodejs:18 security update (IMPORTANT) | больше 1 года назад |
Уязвимостей на страницу