CVE-2021-22883

7.5 HIGH

📋 TL;DR

Node.js servers are vulnerable to denial of service when an attacker opens many connections that speak an unknown protocol, because each such connection leaks a file descriptor. The leaked descriptors exhaust system resources, preventing new connections and potentially crashing the server. Any Node.js server running a version released before the patches is affected.

💻 Affected Systems

Products:
  • Node.js
Versions: All versions before 10.24.0, 12.21.0, 14.16.0, and 15.10.0
Operating Systems: All operating systems running Node.js
Default Config Vulnerable: ⚠️ Yes
Notes: Any Node.js server accepting network connections is vulnerable; the issue is in the core networking module.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service unavailability due to file descriptor exhaustion or memory depletion, rendering the server unable to accept new connections or perform basic operations.

🟠 Likely Case

Degraded performance and intermittent service disruptions as file descriptors are consumed, potentially leading to partial outages.

🟢 If Mitigated

Minimal impact with proper resource limits and monitoring in place, though some performance degradation may occur during attack attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only network access to send malformed connection attempts; tools for DoS attacks could easily incorporate this.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Node.js 10.24.0, 12.21.0, 14.16.0, 15.10.0 or later

Vendor Advisory: https://nodejs.org/en/blog/vulnerability/april-2021-security-releases/

Restart Required: Yes

Instructions:

1. Identify the current Node.js version with 'node -v'.
2. Upgrade to a patched version using your package manager (e.g., 'npm install -g n' followed by 'n stable' or 'n lts').
3. Restart all Node.js applications and services.

🔧 Temporary Workarounds

Set file descriptor limits (linux)

Configure system-wide or per-process file descriptor limits so that one leaking process cannot consume every descriptor on the host. A higher limit only buys time: leaked descriptors are not reclaimed until the process restarts.

ulimit -n 4096
Edit /etc/security/limits.conf to set 'nofile' limits

Implement rate limiting (all)

Use network firewalls or load balancers to limit connection attempts from single sources.

🧯 If You Can't Patch

  • Deploy network-level protections like WAFs or firewalls to block excessive connection attempts.
  • Monitor file descriptor usage and restart services if thresholds are exceeded.

🔍 How to Verify

Check if Vulnerable:

Run 'node -v' and compare to affected versions; if below 10.24.0, 12.21.0, 14.16.0, or 15.10.0, it's vulnerable.

Check Version:

node -v

Verify Fix Applied:

After patching, confirm version is at or above the patched versions and test with simulated connection attempts.
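The version comparison described in this section, written out as an added example (not code from the advisory or from the Node.js project). It parses a 'node -v' style string and checks it against the patched release of its own line. For release lines the advisory does not list (11.x and 13.x, which were already end-of-life, and 16+, which shipped after the fix) it assumes anything older than 15.10.0 is vulnerable and anything newer is patched; that rule is an assumption, not something the advisory states.

```javascript
// Added example (not from the advisory): decide whether a Node.js version string
// falls below the patched release of its line (10.24.0, 12.21.0, 14.16.0, 15.10.0).
const PATCHED = { 10: [10, 24, 0], 12: [12, 21, 0], 14: [14, 16, 0], 15: [15, 10, 0] };

// Parse "v14.15.4" or "14.15.4" into [major, minor, patch]; null on unparseable input.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

// Lexicographic compare of two [major, minor, patch] triples: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns 'vulnerable', 'patched' or 'unknown' for a version string.
function assess(version) {
  const parsed = parseVersion(version);
  if (!parsed) return 'unknown';
  const fixed = PATCHED[parsed[0]];
  if (fixed) return compareVersions(parsed, fixed) < 0 ? 'vulnerable' : 'patched';
  // Lines the advisory does not list. Assumption: anything older than the newest
  // patched line (15.10.0) is treated as vulnerable, anything newer as patched.
  return compareVersions(parsed, PATCHED[15]) < 0 ? 'vulnerable' : 'patched';
}

// Check the runtime this script is executing under.
console.log(`${process.version}: ${assess(process.version)}`);
```

Run it under each Node.js installation you operate ('node check.js'), or feed it the output of 'node -v' collected from a fleet; the 'unknown' result is deliberate so that a malformed string is never silently reported as patched.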

📡 Detection & Monitoring

Log Indicators:

  • Unusual spikes in 'unknownProtocol' errors or connection failures in Node.js logs.

Network Indicators:

  • High volume of failed connection attempts from single IPs or unusual protocols.

SIEM Query:

source="nodejs.log" AND ("unknownProtocol" OR "ECONNRESET") | stats count by src_ip
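The aggregation the SIEM query performs (match 'unknownProtocol' or 'ECONNRESET', count by src_ip) is shown below as an added example that is not part of this advisory, run over constructed log lines so it works offline. The key=value line format with a 'src_ip' field, the RFC 5737 documentation addresses and the alert threshold are all assumptions; adapt the field extraction to your own log format.

```javascript
// Added example (not from the advisory): the same aggregation as the SIEM query,
// "unknownProtocol" OR "ECONNRESET" counted by src_ip, over constructed log lines.
const INDICATORS = ['unknownProtocol', 'ECONNRESET'];

// Constructed sample log lines (documentation addresses, assumed key=value format).
const SAMPLE_LOG = [
  '2021-03-01T10:00:01Z src_ip=203.0.113.5 event=unknownProtocol',
  '2021-03-01T10:00:01Z src_ip=203.0.113.5 event=unknownProtocol',
  '2021-03-01T10:00:02Z src_ip=198.51.100.7 event=request path=/health status=200',
  '2021-03-01T10:00:02Z src_ip=203.0.113.5 event=unknownProtocol',
  '2021-03-01T10:00:03Z src_ip=198.51.100.7 event=socket_error code=ECONNRESET',
  '2021-03-01T10:00:03Z src_ip=203.0.113.5 event=socket_error code=ECONNRESET',
];

// Pull the src_ip field out of a line; lines without one are grouped as 'unknown'.
function extractSrcIp(line) {
  const m = /\bsrc_ip=(\S+)/.exec(line);
  return m ? m[1] : 'unknown';
}

// Count indicator lines per source address; lines with no indicator are ignored.
function countIndicators(lines) {
  const counts = {};
  for (const line of lines) {
    if (!INDICATORS.some((ind) => line.includes(ind))) continue;
    const ip = extractSrcIp(line);
    counts[ip] = (counts[ip] || 0) + 1;
  }
  return counts;
}

// Sources at or above the threshold, busiest first (threshold is an assumed tuning value).
function flagSources(counts, threshold) {
  return Object.entries(counts)
    .filter(([, n]) => n >= threshold)
    .sort((a, b) => b[1] - a[1])
    .map(([ip]) => ip);
}

const counts = countIndicators(SAMPLE_LOG);
console.log(counts);
console.log('flagged:', flagSources(counts, 3));
```

In production the lines would come from the server's log stream over a sliding time window rather than a fixed array, and the threshold should be tuned against the normal background rate of ECONNRESET, which healthy clients also produce.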
