Red Hat Security Advisory: nodejs:18 security update
Red Hat has issued a security advisory for the nodejs:18 module addressing multiple vulnerabilities including denial of service (DoS) issues via CONTINUATION frames and the fetch() function, HTTP request smuggling through content length obfuscation, and an out-of-bounds read in the c-ares library. These vulnerabilities affect Red Hat Enterprise Linux 8 variants and related architectures. The advisory rates the security impact as Important and provides updated packages to remediate these issues.
AI Analysis
Technical Summary
This advisory covers several security vulnerabilities in the Node.js 18 module and related components on Red Hat Enterprise Linux 8. The fixed issues include: a denial of service caused by CONTINUATION frames (CVE-2024-27983), a denial of service triggered by using the fetch() function to retrieve content from untrusted URLs (CVE-2024-22025), HTTP request smuggling via content length obfuscation (CVE-2024-27982), a CONTINUATION frames DoS in nghttp2 (CVE-2024-28182), and an out-of-bounds read in the c-ares library (CVE-2024-25629). Red Hat has released updated packages for multiple architectures and variants of RHEL 8 to address these vulnerabilities. The advisory references the Red Hat article for update instructions and lists bugzilla entries for each fix.
Potential Impact
The vulnerabilities collectively allow denial of service conditions and memory safety issues that could disrupt Node.js applications or services relying on affected components. Specifically, denial of service can be triggered by malformed HTTP/2 CONTINUATION frames, untrusted URL fetches, and HTTP request smuggling techniques. The out-of-bounds read in c-ares could lead to crashes or potential information disclosure. These impacts affect the availability and reliability of applications using the vulnerable Node.js 18 module on Red Hat Enterprise Linux 8.
Mitigation Recommendations
Red Hat has released updated nodejs:18 packages for Red Hat Enterprise Linux 8 and its variants that address these vulnerabilities. Users should apply the security update RHSA-2024:2780 promptly by following the instructions in the Red Hat advisory at https://access.redhat.com/articles/11258. Applying the official update is the recommended remediation. No additional mitigations are specified or required beyond installing the provided patches.
Technical Details
- GCVE Source: db.gcve.eu
- CSAF Category: csaf_security_advisory
- CSAF Version: 2.0
- Publisher: Red Hat Product Security
- Advisory ID: RHSA-2024:2780
- CVE Count: 5
- Additional CVEs: ["CVE-2024-25629","CVE-2024-27982","CVE-2024-27983","CVE-2024-28182"]
- CVSS Version: null
Threat ID: 6a419cc027e9c79719ac08c8
Added to database: 06/28/2026, 22:14:24 UTC
Last enriched: 06/28/2026, 22:40:15 UTC
Last updated: 07/03/2026, 12:51:10 UTC