Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libnode64-dbgsym": "10.19.0~dfsg-3ubuntu1.2", "libnode64": "10.19.0~dfsg-3ubuntu1.2", "nodejs-doc": "10.19.0~dfsg-3ubuntu1.2", "nodejs": "10.19.0~dfsg-3ubuntu1.2", "libnode-dev": "10.19.0~dfsg-3ubuntu1.2", "nodejs-dbgsym": "10.19.0~dfsg-3ubuntu1.2" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "nodejs-doc": "12.22.9~dfsg-1ubuntu3", "libnode72": "12.22.9~dfsg-1ubuntu3", "nodejs": "12.22.9~dfsg-1ubuntu3", "libnode-dev": "12.22.9~dfsg-1ubuntu3", "libnode72-dbgsym": "12.22.9~dfsg-1ubuntu3", "nodejs-dbgsym": "12.22.9~dfsg-1ubuntu3" } ] }