ALPINE-CVE-2024-27983

See a problem?
Please try reporting it to the source first.

Source

https://security.alpinelinux.org/vuln/CVE-2024-27983

Import Source

https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2024-27983.json

JSON Data

https://api.osv.dev/v1/vulns/ALPINE-CVE-2024-27983

Upstream

CVE-2024-27983

Published

2024-04-09T01:15:49.197Z

Modified

2026-06-15T18:18:10.283191324Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVSS Calculator

Summary

[none]

Details

An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.

References

https://security.alpinelinux.org/vuln/CVE-2024-27983

Affected packages

Alpine:v3.17

nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.20.1-r0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2024-27983.json"

Alpine:v3.18

nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.20.1-r0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2024-27983.json"

Alpine:v3.19

nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20.12.1-r0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2024-27983.json"

Alpine:v3.20

nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20.12.1-r0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2024-27983.json"

Alpine:v3.21

nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20.12.1-r0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2024-27983.json"

Alpine:v3.22

nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20.12.1-r0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2024-27983.json"

Alpine:v3.23

nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20.12.1-r0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2024-27983.json"

Alpine:v3.24

nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20.12.1-r0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2024-27983.json"