← Zuruck zu CVEs

CVE-2024-22019

HIGH

7.5

Beschreibung

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.

CVE Details

CVSS v3.1 Bewertung7.5

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht2/20/2024

Zuletzt geandert11/4/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

netapp:astra_control_centernodejs:node.js

Schwachen (CWE)

CWE-404

Referenzen

http://www.openwall.com/lists/oss-security/2024/03/11/1(support@hackerone.com)

https://hackerone.com/reports/2233486(support@hackerone.com)

https://security.netapp.com/advisory/ntap-20240315-0004/(support@hackerone.com)

http://www.openwall.com/lists/oss-security/2024/03/11/1(af854a3a-2127-422b-91ae-364da2661108)

https://hackerone.com/reports/2233486(af854a3a-2127-422b-91ae-364da2661108)

https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html(af854a3a-2127-422b-91ae-364da2661108)

https://security.netapp.com/advisory/ntap-20240315-0004/(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.