Executive Summary

Informations
Name CVE-2024-22019 First vendor Publication 2024-02-20
Vendor Cve Last vendor Modification 2024-05-01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22019

Sources (Detail)

http://www.openwall.com/lists/oss-security/2024/03/11/1
https://hackerone.com/reports/2233486
https://security.netapp.com/advisory/ntap-20240315-0004/
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2024-05-02 00:27:32
  • Multiple Updates
2024-03-15 13:27:32
  • Multiple Updates
2024-02-21 05:27:24
  • Multiple Updates
2024-02-20 09:27:24
  • First insertion