CVE-2024-27983

HIGH Year: 2024
CVSS v3 Score
8.2
High
Weakness Type
CWE-362
View all →

Vulnerability Description

An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.

Related Vulnerabilities

CVE-2021-4207

HIGH
CVSS:8.2(High)

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor ...

CWE-3622021

CVE-2005-2352

HIGH
CVSS:8.1(High)

I race condition in Temp files was found in gs-gpl before 8.56 addons scripts.

CWE-3622005

CVE-2006-4245

HIGH
CVSS:8.1(High)

archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition.

CWE-3622006

CVE-2009-4011

HIGH
CVSS:8.1(High)

dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS cons...

CWE-3622009

CVE-2014-9748

HIGH
CVSS:8.1(High)

The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to caus...

CWE-3622014