Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an `unknownProtocol` are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, the server becomes unable to accept new connections, and the process is also prevented from opening, for example, a file. If no file descriptor limit is configured, the leak leads to excessive memory usage and causes the system to run out of memory.
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Node.js | Nodejs | 10.0.0 (including) | 10.24.0 (excluding) |
Node.js | Nodejs | 12.0.0 (including) | 12.21.0 (excluding) |
Node.js | Nodejs | 14.0.0 (including) | 14.16.0 (excluding) |
Node.js | Nodejs | 15.0.0 (including) | 15.10.0 (excluding) |
Red Hat Enterprise Linux 8 | RedHat | nodejs:12-8030020210302104621.229f0a1c | * |
Red Hat Enterprise Linux 8 | RedHat | nodejs:10-8030020210225164533.229f0a1c | * |
Red Hat Enterprise Linux 8 | RedHat | nodejs:14-8030020210301172147.229f0a1c | * |
Red Hat Enterprise Linux 8.1 Extended Update Support | RedHat | nodejs:12-8010020210302113522.c27ad7f8 | * |
Red Hat Enterprise Linux 8.1 Extended Update Support | RedHat | nodejs:10-8010020210225115101.c27ad7f8 | * |
Red Hat Enterprise Linux 8.2 Extended Update Support | RedHat | nodejs:10-8020020210225153906.4cda2c84 | * |
Red Hat Enterprise Linux 8.2 Extended Update Support | RedHat | nodejs:12-8020020210302112530.4cda2c84 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-nodejs10-nodejs-0:10.24.0-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-nodejs14-nodejs-0:14.16.0-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-nodejs12-nodejs-0:12.21.0-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | rh-nodejs10-nodejs-0:10.24.0-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | rh-nodejs14-nodejs-0:14.16.0-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | rh-nodejs12-nodejs-0:12.21.0-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-nodejs10-nodejs-0:10.24.0-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-nodejs14-nodejs-0:14.16.0-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-nodejs12-nodejs-0:12.21.0-1.el7 | * |
Nodejs | Ubuntu | bionic | * |
Nodejs | Ubuntu | esm-apps/bionic | * |
Nodejs | Ubuntu | focal | * |
Nodejs | Ubuntu | groovy | * |
Nodejs | Ubuntu | hirsute | * |
Nodejs | Ubuntu | impish | * |
Nodejs | Ubuntu | kinetic | * |
Nodejs | Ubuntu | trusty | * |
Nodejs | Ubuntu | upstream | * |
Nodejs | Ubuntu | xenial | * |
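
A defender's triage for the leak described above, as an added example that is not part of the advisory or of Node.js itself: it checks a runtime version against the upstream ranges in the table and measures how close a Linux process is to its descriptor limit, covering both the limited and the unlimited case. The function names, the 80% ratio, the 50000 absolute threshold and the sample `/proc/<pid>/limits` text are assumptions made for illustration.

```javascript
const fs = require('fs');

// Fixed releases per affected line, taken from the advisory's version table.
const FIXED = { 10: [10, 24, 0], 12: [12, 21, 0], 14: [14, 16, 0], 15: [15, 10, 0] };

// True when `version` (e.g. process.version) falls in an affected upstream range.
function isAffected(version) {
  const v = String(version).replace(/^v/, '').split('.').map(Number);
  if (v.length !== 3 || v.some(Number.isNaN)) throw new Error(`bad version: ${version}`);
  const fixed = FIXED[v[0]];
  if (!fixed) return false; // release line not listed in the table
  for (let i = 0; i < 3; i++) {
    if (v[i] !== fixed[i]) return v[i] < fixed[i];
  }
  return false; // exactly the fixed release
}

// Parse the soft "Max open files" limit from /proc/<pid>/limits text.
// Returns Infinity for "unlimited", the no-limit case the advisory describes.
function softFdLimit(limitsText) {
  const m = /^Max open files\s+(\S+)\s+(\S+)/m.exec(limitsText);
  if (!m) throw new Error('Max open files line not found');
  return m[1] === 'unlimited' ? Infinity : Number(m[1]);
}

// Classify descriptor usage. With a limit, alert at `ratio` of it (new
// connections and file opens fail once it is reached); without one, alert at
// an absolute count, because the leak then shows up as memory growth.
// Both thresholds are assumed defaults, not values from the advisory.
function fdStatus(openCount, limit, { ratio = 0.8, absolute = 50000 } = {}) {
  const threshold = Number.isFinite(limit) ? Math.floor(limit * ratio) : absolute;
  return { openCount, limit, threshold, alert: openCount >= threshold };
}

// Live check for a Linux process (assumes /proc is mounted and readable).
function checkPid(pid = 'self') {
  const open = fs.readdirSync(`/proc/${pid}/fd`).length;
  const limit = softFdLimit(fs.readFileSync(`/proc/${pid}/limits`, 'utf8'));
  return fdStatus(open, limit);
}

// Constructed sample of /proc/<pid>/limits (not captured from a real host).
const SAMPLE_LIMITS = [
  'Limit                     Soft Limit           Hard Limit           Units',
  'Max processes             63432                63432                processes',
  'Max open files            1024                 4096                 files',
].join('\n');
```

Distribution packages (the Red Hat and Ubuntu rows) carry their own fixed builds, so `isAffected` applies only to upstream Node.js version strings.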