CVE-2024-27983

8.2 HIGH

📋 TL;DR

This vulnerability allows attackers to cause a denial-of-service (DoS) condition in Node.js HTTP/2 servers by sending specially crafted HTTP/2 frames and abruptly closing TCP connections, triggering a race condition that crashes the server. It affects Node.js applications using HTTP/2 protocol. The vulnerability requires no authentication and can render servers completely unavailable.

💻 Affected Systems

Products:
  • Node.js
Versions: Node.js versions 20.x before 20.12.1, 18.x before 18.20.2, 16.x before 16.20.2
Operating Systems: All operating systems running affected Node.js versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications using HTTP/2 protocol. HTTP/1.x servers are not vulnerable.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete unavailability of Node.js HTTP/2 servers, causing service disruption for all users and potential cascading failures in dependent systems.

🟠 Likely Case

Service disruption and downtime for applications using vulnerable Node.js HTTP/2 implementations, requiring server restarts to restore functionality.

🟢 If Mitigated

Minimal impact with proper network controls and monitoring, though servers remain vulnerable to targeted attacks.

🌐 Internet-Facing: HIGH - HTTP/2 servers exposed to the internet are directly vulnerable to unauthenticated DoS attacks from any network location.
🏢 Internal Only: MEDIUM - Internal servers are still vulnerable but attack surface is reduced; requires internal network access or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available in security advisories. The attack requires sending HTTP/2 CONTINUATION frames and abruptly closing TCP connections to trigger the race condition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Node.js 20.12.1, 18.20.2, 16.20.2

Vendor Advisory: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases

Restart Required: Yes

Instructions:

  1. Identify the installed Node.js version with 'node --version'.
  2. Update to a patched version using a package manager, for example 'npm install -g n' followed by 'n 20.12.1' (or the appropriate version for your release line).
  3. Restart all Node.js applications and services.

🔧 Temporary Workarounds

Disable HTTP/2 (platform: all)

Disable the HTTP/2 protocol and serve HTTP/1.x only, if application functionality allows.

Configure the Node.js application to use HTTP/1.x only (application-specific configuration).

Rate Limiting (platform: linux)

Implement rate limiting and connection limits to reduce attack effectiveness.

Use nginx or a similar reverse proxy with rate limiting, for example: 'limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;'

🧯 If You Can't Patch

  • Implement network-level protections: Use WAF or load balancer to filter HTTP/2 CONTINUATION frame attacks
  • Monitor for abnormal connection patterns: Sudden spikes in TCP connection resets or HTTP/2 frame errors

🔍 How to Verify

Check if Vulnerable:

Run 'node --version' and check if version is in affected range (20.x < 20.12.1, 18.x < 18.20.2, 16.x < 16.20.2)

Check Version:

node --version

Verify Fix Applied:

After update, verify with 'node --version' shows patched version (20.12.1, 18.20.2, or 16.20.2+)
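As an added example (not part of this page or of the Node.js project), the following POSIX shell helper turns the manual check above into a repeatable test: it parses a 'node --version' string and classifies it against the affected ranges stated in this advisory (20.x below 20.12.1, 18.x below 18.20.2, 16.x below 16.20.2). The function names and the sample version strings are constructed for illustration; any major line not listed here is reported as "unlisted" rather than assumed safe.

```shell
#!/bin/sh
# Added example: classify a `node --version` string against the affected
# ranges stated in this advisory for CVE-2024-27983.
# Returns 0 when the version is in an affected range, 1 when it is at or
# above the patched release for its line, 2 when the major line is not listed.
node_version_affected() {
  v="${1#v}"                          # strip the leading "v" from e.g. v20.11.1
  major="${v%%.*}"
  rest="${v#*.}"
  minor="${rest%%.*}"
  patch="${rest#*.}"
  patch="${patch%%[!0-9]*}"           # drop any suffix such as -pre or -rc.1
  patch="${patch:-0}"                 # tolerate a missing patch component
  minor="${minor:-0}"
  case "$major" in
    20) fixed_minor=12; fixed_patch=1 ;;   # patched in 20.12.1
    18) fixed_minor=20; fixed_patch=2 ;;   # patched in 18.20.2
    16) fixed_minor=20; fixed_patch=2 ;;   # patched in 16.20.2
    *)  return 2 ;;                        # release line not covered here
  esac
  if [ "$minor" -lt "$fixed_minor" ]; then return 0; fi
  if [ "$minor" -eq "$fixed_minor" ] && [ "$patch" -lt "$fixed_patch" ]; then
    return 0
  fi
  return 1
}

# Human-readable wrapper; always exits 0 so it is safe under `set -e`.
# Prints one of: affected, patched, unlisted.
classify_node_version() {
  if node_version_affected "$1"; then
    echo "affected"
  elif [ $? -eq 2 ]; then
    echo "unlisted"
  else
    echo "patched"
  fi
}

# Usage: check the locally installed node binary, if one is on PATH.
if command -v node >/dev/null 2>&1; then
  ver="$(node --version)"
  case "$(classify_node_version "$ver")" in
    affected) echo "$ver: in an affected range for CVE-2024-27983, update required" ;;
    patched)  echo "$ver: at or above the patched release for its line" ;;
    unlisted) echo "$ver: major line not covered by this advisory, check the vendor advisory" ;;
  esac
fi
```

Feed it the output of 'node --version' on each host you manage; because the wrapper prints a single word, it is easy to fold into fleet-wide inventory scripts. Treat "unlisted" as a prompt to consult the vendor advisory, not as a clean result.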

📡 Detection & Monitoring

Log Indicators:

  • Multiple TCP connection resets from same source
  • HTTP/2 protocol errors or frame parsing failures
  • Node.js process crashes or restarts

Network Indicators:

  • Unusual HTTP/2 CONTINUATION frame patterns
  • Abrupt TCP connection closures during header processing
  • Spike in HTTP/2 traffic from single sources

SIEM Query:

source="nodejs" AND ("HTTP/2" OR "continuation") AND ("reset" OR "crash" OR "error")
