File descriptor leak can cause DoS vulnerability in v2.0 and v2.1 #1427

Closed
@hueniverse


Impact

This vulnerability allows an attacker to take down a hapi-based server running versions 2.0.x and 2.1.x.

Details

Versions 2.0.x and 2.1.x have a file descriptor leak that, when triggered repeatedly, will cause the server to run out of file descriptors and the node process to die. The effort required to take down a server depends on the process file descriptor limit. No other side effects or exploits have been identified.

Advice

Please upgrade to version 2.2.x or above as soon as possible.

Reported Attacks

No attacks have been reported.

Additional Information

If you have any questions or concerns, please reply to this issue or, if they are sensitive in nature, email eran@hammer.io
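
The failure mode described above, a descriptor count that climbs toward the process limit, can be watched for on a server that has not yet been upgraded. The following is an added example, not part of the original issue or of hapi's code; it assumes Linux `/proc`, and the function names, thresholds and sample data are constructed for illustration.

```javascript
// Added example (not hapi code). The /proc paths are Linux-specific.

// Soft "Max open files" limit from the text of /proc/<pid>/limits.
function parseSoftNofile(limitsText) {
  const m = /^Max open files\s+(\d+|unlimited)\s/m.exec(limitsText);
  if (!m) throw new Error('no "Max open files" line');
  return m[1] === 'unlimited' ? Infinity : Number(m[1]);
}

// One sample of this process: { t: seconds, fds: open descriptors }.
async function sampleSelf() {
  const fs = await import('node:fs/promises');
  // The listing includes the descriptor opened to read the directory; subtract it.
  const fds = (await fs.readdir('/proc/self/fd')).length - 1;
  return { t: Date.now() / 1000, fds };
}

// Least-squares slope of the descriptor count, in descriptors per second.
function fdSlope(samples) {
  const n = samples.length;
  const mt = samples.reduce((s, p) => s + p.t, 0) / n;
  const mf = samples.reduce((s, p) => s + p.fds, 0) / n;
  let num = 0, den = 0;
  for (const p of samples) {
    num += (p.t - mt) * (p.fds - mf);
    den += (p.t - mt) ** 2;
  }
  return den === 0 ? 0 : num / den;
}

// Classify a window of samples. Thresholds are illustrative assumptions.
function assessFdUsage(samples, softLimit, { warnRatio = 0.8, minSlope = 0.1 } = {}) {
  if (samples.length < 2) throw new Error('need at least two samples');
  const last = samples[samples.length - 1];
  const slope = fdSlope(samples);
  const leaking = slope >= minSlope;
  const secondsToLimit = leaking ? Math.max(0, (softLimit - last.fds) / slope) : Infinity;
  const level = last.fds >= softLimit * warnRatio ? 'critical' : leaking ? 'warning' : 'ok';
  return { slope, leaking, secondsToLimit, level };
}

// Constructed inputs: a limits excerpt and two one-minute-interval windows.
const SAMPLE_LIMITS = 'Max cpu time              unlimited            unlimited            seconds\n' +
  'Max open files            1024                 4096                 files\n';
const LEAKING = [100, 160, 220, 280, 340].map((fds, i) => ({ t: i * 60, fds }));
const STEADY = [100, 104, 98, 101, 100].map((fds, i) => ({ t: i * 60, fds }));
```

In a running process, collect `sampleSelf()` results on a timer and pass them to `assessFdUsage` together with the limit parsed from `/proc/self/limits`.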

Labels: security (Issue with security impact)
