
CVE-2021-22883: Denial of Service (CWE-400) in NodeJS Node

Severity: High
Tags: Vulnerability, CVE-2021-22883, CWE-400
Published: Wed Mar 03 2021 (03/03/2021, 17:38:32 UTC)
Source: CVE
Vendor/Project: NodeJS
Product: Node

Description

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections, and the process is also prevented from opening, e.g., a file. If no file descriptor limit is configured, then this leads to excessive memory usage and causes the system to run out of memory.

AI-Powered Analysis

Last updated: 06/25/2025, 14:34:43 UTC

Technical Analysis

CVE-2021-22883 is a denial of service (DoS) vulnerability affecting Node.js versions prior to 10.24.0, 12.21.0, 14.16.0, and 15.10.0. The vulnerability arises when an attacker establishes numerous connection attempts that end in an 'unknownProtocol' condition. Each such connection leaks a file descriptor within the Node.js process. File descriptors are critical system resources used to manage open files and network connections. When they are exhausted by the leak, the server can no longer accept new connections or open files, effectively causing a denial of service. If the operating system enforces a file descriptor limit, the Node.js process hits this limit and becomes unable to handle legitimate requests or perform file operations. In the absence of such a limit, the leak instead leads to excessive memory consumption, potentially causing the system to run out of memory and crash or become unresponsive. This vulnerability is categorized under CWE-400, indicating a resource exhaustion issue. Exploitation does not require authentication or user interaction, so a remote attacker can trigger the condition simply by opening connections that negotiate an unknown protocol. Although no known exploits have been reported in the wild, the vulnerability poses a significant risk to any Node.js server running affected versions, especially those exposed to untrusted networks or the internet. The affected versions span a wide range, including major LTS and current release lines prior to the patched versions, so many deployments could be vulnerable if not updated.

Potential Impact

For European organizations, the impact of CVE-2021-22883 can be substantial, particularly for those relying on Node.js-based backend services, APIs, or real-time applications. The denial of service caused by file descriptor exhaustion can disrupt critical business operations, leading to service outages, degraded performance, and loss of customer trust. Organizations in sectors such as finance, healthcare, telecommunications, and e-commerce, which often deploy Node.js for scalable web services, may experience operational downtime affecting transaction processing, data availability, and customer interactions. Resource exhaustion can also indirectly affect system integrity if recovery mechanisms fail or the system crashes unexpectedly. Because the vulnerability can be exploited remotely without authentication, attackers can target exposed Node.js servers to cause widespread disruption; this is especially concerning for cloud-hosted services or public-facing applications common in European enterprises. The absence of known exploits in the wild suggests limited active exploitation, but the ease of triggering the vulnerability means that opportunistic attackers or automated scanning tools could leverage it. Furthermore, because availability is part of the GDPR's security and data protection requirements, outages could have regulatory and reputational consequences for affected organizations.

Mitigation Recommendations

To mitigate CVE-2021-22883, European organizations should prioritize upgrading Node.js to versions 10.24.0, 12.21.0, 14.16.0, 15.10.0, or later, where the vulnerability is patched. If immediate upgrade is not feasible, organizations should implement network-level controls such as rate limiting and connection filtering to restrict the number of simultaneous connection attempts with unknown or unsupported protocols. Deploying Web Application Firewalls (WAFs) or intrusion prevention systems (IPS) configured to detect and block anomalous connection patterns can reduce exposure. Additionally, system administrators should review and adjust file descriptor limits to balance resource availability and system stability, ensuring that limits are neither too low to cause premature exhaustion nor too high to allow uncontrolled resource consumption. Monitoring tools should be configured to alert on unusual spikes in open file descriptors, memory usage, or connection attempts to enable rapid detection and response. For critical services, implementing redundancy and failover mechanisms can minimize downtime in case of an attack. Finally, organizations should conduct regular security assessments and update their incident response plans to include scenarios involving resource exhaustion attacks targeting Node.js environments.


Technical Details

Data Version: 5.1
Assigner Short Name: hackerone
Date Reserved: 2021-01-06T00:00:00
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d983ac4522896dcbed41b

Added to database: 5/21/2025, 9:09:14 AM

Last enriched: 6/25/2025, 2:34:43 PM

Last updated: 8/15/2025, 8:12:58 PM
