CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-27983

Medium Severity
SVRS
36/100
CVSSv3
8.2/10
EPSS
0.80092/1

CVE-2024-27983 is a denial-of-service vulnerability in the Node.js HTTP/2 server. This flaw allows a remote attacker to crash the server by sending a small number of specially crafted HTTP/2 frames. An abrupt TCP connection closure during header processing leads to a race condition, potentially leaving data in memory and triggering a server crash.

While the CVSS score is 8.2 indicating high severity, the SOCRadar Vulnerability Risk Score (SVRS) is 36. However, despite the moderate SVRS score, the "Exploit Available" and "In The Wild" tags significantly raise the risk. Successful exploitation results in server unavailability, impacting applications relying on the affected Node.js instance. Immediate patching is crucial, even with a moderate SVRS score, due to the presence of active exploits that could easily disrupt services. Mitigate the risk of this critical vulnerability.

TAGS
In The Wild
Exploit Avaliable
VECTOR STRING
CVSS:3.0
AV:N
AC:L
PR:N
UI:N
S:U
C:N
I:L
A:H
PUBLICATION DATE2025-03-14
LAST MODIFIED2024-04-09
Eye Icon
SOCRadar
AI Insight

Description:

CVE-2024-27983 is a vulnerability in the Node.js HTTP/2 server that can cause a denial of service (DoS) attack. An attacker can send a small number of HTTP/2 frames packets with a few HTTP/2 frames inside to make the server completely unavailable.

Key Insights:

  • The SVRS score of 30 indicates that this vulnerability is not as severe as others, but it is still important to take action to mitigate the risk.
  • Active exploits have been published for this vulnerability, which means that attackers are actively exploiting it.
  • The vulnerability is being used in the wild, which means that it is being actively exploited by hackers.

Mitigation Strategies:

  • Update to the latest version of Node.js.
  • Use a web application firewall (WAF) to block malicious traffic.
  • Implement rate limiting to prevent attackers from sending too many requests to the server.
  • Monitor your network traffic for suspicious activity.

Additional Information:

If you have any additional questions about this incident, you can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information.

Indicators of Compromise

No IOCs found for this CVE

Exploits

TitleSoftware LinkDate
lirantal/CVE-2024-27983-nodejs-http2https://github.com/lirantal/CVE-2024-27983-nodejs-http22024-04-14
Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-27983 | Node.js CONTINUATION Frame resource consumption (FEDORA-2024-2ffe03eaa6 / Nessus ID 216256)
vuldb.com2025-02-14
CVE-2024-27983 | Node.js CONTINUATION Frame resource consumption (FEDORA-2024-2ffe03eaa6 / Nessus ID 216256) | A vulnerability, which was classified as problematic, has been found in Node.js. Affected by this issue is some unknown functionality of the component CONTINUATION Frame Handler. The manipulation leads to resource consumption. This vulnerability is handled as CVE-2024-27983. The attack may be launched remotely. There is no
vuldb.com
rss
forum
news
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks
2024-12-02
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks | Overview HTTP allows messages to include named fields in both header and trailer sections. These header and trailer fields are serialised as field blocks in HTTP/2, so that they can be transmitted in multiple fragments to the target implementation. Many HTTP/2 implementations do not properly limit or sanitize the amount of CONTINUATION frames sent within a single stream. An attacker that can send packets to a target server can send a stream of CONTINUATION frames that will not
cert.org
rss
forum
news
Siemens SINEC INS
CISA2024-11-14
Siemens SINEC INS | As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF
cisa.gov
rss
forum
news
CVE-2024-27983 | Node.js CONTINUATION Frame resource consumption (FEDORA-2024-2ffe03eaa6)
vuldb.com2024-06-11
CVE-2024-27983 | Node.js CONTINUATION Frame resource consumption (FEDORA-2024-2ffe03eaa6) | A vulnerability, which was classified as problematic, has been found in Node.js. Affected by this issue is some unknown functionality of the component CONTINUATION Frame Handler. The manipulation leads to resource consumption. This vulnerability is handled as CVE-2024-27983. The attack may be launched remotely. There is no exploit available.
vuldb.com
rss
forum
news
DDoS threat report for 2024 Q1
Jorge Pacheco2024-04-16
DDoS threat report for 2024 Q1 | 2024 started with a bang. Cloudflare’s autonomous systems mitigated over 4.5 million DDoS attacks in the first quarter of the year — a 50% increase compared to the previous year. Read the full coverageThis post is also available in 简体中文, 繁體中文, 日本語, 한국어, Deutsch, Français, Español</a
cve-2024-30255
cve-2024-27983
cve-2024-28182
cve-2024-2758
New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks - The Hacker News
2024-04-04
New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks - The Hacker News | News Content: New research has found that the CONTINUATION frame in the HTTP/2 protocol can be exploited to conduct denial-of-service (DoS) attacks. The technique has been codenamed HTTP/2 CONTINUATION Flood by security researcher Bartek Nowotarski, who reported the issue to the CERT Coordination Center (CERT/CC) on January 25, 2024. "Many HTTP/2 implementations do not properly limit or sanitize the amount of CONTINUATION frames sent within a single stream," CERT/CC said in an advisory on April 3, 2024. "An attacker that can send packets to a target
google.com
rss
forum
news
What you should know: HTTP/2 CONTINUATION Flood Vulnerability
Mario Teixeira2024-04-10
What you should know: HTTP/2 CONTINUATION Flood Vulnerability | A new class of vulnerabilities in specific implementations of the HTTP/2 protocol, dubbed &#8220;HTTP/2 CONTINUATION Flood,&#8221; has been discovered, causing concern across the Internet. Various affected products have already been identified and assigned CVEs, with more expected to be disclosed &#8230; Read More <
cve-2024-28182
cve-2024-24549
cve-2024-2653
cve-2024-27983

Social Media

🚨 In #NodeJS version 18.20.1-r0 and earlier, a high severity #vulnerability (CVE-2024-27983) was detected. This server issue allows attackers to disrupt its function by sending several specially crafted packets. Stay vigilant for any unusual server behavior.
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://hackerone.com/reports/2319584
[email protected]https://hackerone.com/reports/2319584
[email protected]https://lists.fedoraproject.org/archives/list/[email protected]/message/JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE/
[email protected]https://hackerone.com/reports/2319584
[email protected]https://lists.fedoraproject.org/archives/list/[email protected]/message/JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE/
[email protected]https://lists.fedoraproject.org/archives/list/[email protected]/message/YDVFUH7ACZPYB3BS4SVILNOY7NQU73VW/
[email protected]http://www.openwall.com/lists/oss-security/2024/04/03/16
[email protected]https://hackerone.com/reports/2319584
[email protected]https://lists.fedoraproject.org/archives/list/[email protected]/message/JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE/
[email protected]https://lists.fedoraproject.org/archives/list/[email protected]/message/YDVFUH7ACZPYB3BS4SVILNOY7NQU73VW/
[email protected]http://www.openwall.com/lists/oss-security/2024/04/03/16
[email protected]https://hackerone.com/reports/2319584
[email protected]https://lists.fedoraproject.org/archives/list/[email protected]/message/JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE/
[email protected]https://lists.fedoraproject.org/archives/list/[email protected]/message/YDVFUH7ACZPYB3BS4SVILNOY7NQU73VW/
[email protected]https://security.netapp.com/advisory/ntap-20240510-0002/

CWE Details

No CWE details found for this CVE

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence