CVE-2020-8251

CWE-400 — Uncontrolled Resource Consumption9 documents6 sources

Severity

7.5HIGH

EPSS

5.0%

top 10.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nodejs Node Nodejs Node.js Fedoraproject Fedora

Timeline

PublishedSep 18

Latest updateMay 24

Description

Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5nodejs/node4.0 — 4.*+8

▶NVDnodejs/node.js14.0.0 — 14.11.0

Also affects: Fedora 33

🔴Vulnerability Details

GHSA

GHSA-9cwr-72m4-73jq: Node↗2022-05-24

▶

CVEList

CVE-2020-8251: Node↗2020-09-18

▶

📋Vendor Advisories

Red Hat

nodejs: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests↗2020-09-15

▶

Debian

CVE-2020-8251: nodejs - Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on...↗2020

▶

💬Community

Bugzilla

CVE-2020-8251 nodejs:14/nodejs: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests [fedora-all]↗2020-09-16

▶

Bugzilla

CVE-2020-8251 nodejs: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests↗2020-09-16

▶

Bugzilla

CVE-2020-8251 nodejs: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests [fedora-all]↗2020-09-16

▶

Bugzilla

CVE-2020-8251 nodejs: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests [epel-all]↗2020-09-16

▶