Not to be fixed
Created: Feb 18, 2024
Updated: Feb 28, 2024
Resolved Date: Feb 28, 2024
Found In Version: 10.19.45.1
Severity: Standard
Applicable for: Wind River Linux LTS 19
Component/s: Userspace
A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.
https://nvd.nist.gov/vuln/detail/CVE-2024-22019
