CVE-2024-22019

{"id": "CVE-2024-22019", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "support@hackerone.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-02-20T02:15:50.983", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/03/11/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://hackerone.com/reports/2233486", "tags": ["Issue Tracking"], "source": "support@hackerone.com"}, {"url": "https://security.netapp.com/advisory/ntap-20240315-0004/", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/11/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://hackerone.com/reports/2233486", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20240315-0004/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-404"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits."}, {"lang": "es", "value": "Una vulnerabilidad en los servidores HTTP de Node.js permite a un atacante enviar una solicitud HTTP especialmente manipulada con codificaci\u00f3n fragmentada, lo que provoca el agotamiento de los recursos y la denegaci\u00f3n de servicio (DoS). El servidor lee una cantidad ilimitada de bytes de una \u00fanica conexi\u00f3n, aprovechando la falta de limitaciones en los bytes de extensi\u00f3n de fragmentos. El problema puede provocar el agotamiento del ancho de banda de la CPU y de la red, pasando por alto salvaguardas est\u00e1ndar como tiempos de espera y l\u00edmites de tama\u00f1o corporal."}], "lastModified": "2025-04-02T20:10:16.543", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "ED0E725B-F218-44C4-BAFA-05E831D9ED68", "versionEndExcluding": "18.19.1", "versionStartIncluding": "18.0.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "EB510747-739C-4654-86E1-337962640D6E", "versionEndExcluding": "20.11.1", "versionStartIncluding": "20.0.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "47D50080-1F46-4A8C-B766-971F7FBCA5C1", "versionEndExcluding": "21.6.2", "versionStartIncluding": "21.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC5EBD2A-32A3-46D5-B155-B44DCB7F6902"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}