CVE-2024-22019

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-404
View all →

Vulnerability Description

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.

Related Vulnerabilities

CVE-2010-4038

HIGH
CVSS:7.5(High)

The Web Sockets implementation in Google Chrome before 7.0.517.41 does not properly handle a shutdown action, which allows remote attackers to cause a denial of service (application crash) via unspeci...

CWE-4042010

CVE-2012-2805

HIGH
CVSS:7.5(High)

Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service.

CWE-4042012

CVE-2013-4133

HIGH
CVSS:7.5(High)

kde-workspace before 4.10.5 has a memory leak in plasma desktop

CWE-4042013

CVE-2014-125066

HIGH
CVSS:7.5(High)

A vulnerability was found in emmflo yuko-bot. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument title leads to denial of service. The attac...

CWE-4042014

CVE-2015-10025

HIGH
CVSS:7.5(High)

A vulnerability has been found in luelista miniConf up to 1.7.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file miniConf/MessageView.cs of the com...

CWE-4042015

CVE-2015-10085

HIGH
CVSS:7.5(High)

A vulnerability was found in GoPistolet. It has been declared as problematic. This vulnerability affects unknown code of the component MTA. The manipulation leads to denial of service. Continious deli...

CWE-4042015