Severity: high

File Descriptor Leak Can Cause DoS Vulnerability



Versions 2.0.x and 2.1.x of hapi are vulnerable to a denial of service attack via a file descriptor leak.

When triggered repeatedly, this leak will cause the server to run out of file descriptors and the node process to die. The effort required to take down a server depends on the process file descriptor limit. No other side effects or exploits have been identified.


  • Please upgrade to version 2.2.x or above as soon as possible.
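
To watch for the descriptor exhaustion described above until the upgrade is deployed, the following added example (not code from this advisory or from the hapi project) compares a process's open file descriptor count with its soft limit and flags a count that only ever climbs. It assumes Linux `/proc`; the function names, thresholds and sample data are constructed for illustration.

```javascript
// Added example (not from the hapi project): fd-exhaustion watchdog logic.
// Assumption: Linux, where /proc/<pid>/fd and /proc/<pid>/limits exist.

// Soft "Max open files" limit from the text of /proc/<pid>/limits.
function parseSoftNofile(limitsText) {
  const m = /^Max open files\s+(\S+)\s+(\S+)/m.exec(limitsText);
  if (!m) return null;                       // unexpected format
  return m[1] === 'unlimited' ? Infinity : Number(m[1]);
}

// A leak shows as a count that keeps climbing and never falls back.
// samples: open-fd counts taken at a fixed interval, oldest first.
function assessFds(samples, softLimit, { warnRatio = 0.8, minGrowth = 50 } = {}) {
  const current = samples[samples.length - 1];
  const growth = current - samples[0];
  const neverDrops = samples.every((n, i) => i === 0 || n >= samples[i - 1]);
  const ratio = Number.isFinite(softLimit) ? current / softLimit : 0;
  return {
    current,
    ratio,
    suspectedLeak: samples.length >= 3 && neverDrops && growth >= minGrowth,
    nearLimit: ratio >= warnRatio,
  };
}

// Live sample of the current process; call it on a timer inside the server
// and feed the collected counts to assessFds().
function sampleSelf() {
  const fs = require('fs');
  return {
    open: fs.readdirSync('/proc/self/fd').length,
    softLimit: parseSoftNofile(fs.readFileSync('/proc/self/limits', 'utf8')),
  };
}

// Constructed sample data, not taken from a real incident.
const LIMITS_SAMPLE = [
  'Limit                     Soft Limit           Hard Limit           Units',
  'Max processes             63432                63432                processes',
  'Max open files            1024                 4096                 files',
].join('\n');
const LEAKY = [40, 180, 395, 610, 870];      // steadily climbing
const HEALTHY = [40, 95, 52, 110, 47];       // rises and falls with load

const limit = parseSoftNofile(LIMITS_SAMPLE);
console.log(assessFds(LEAKY, limit));        // suspectedLeak and nearLimit set
console.log(assessFds(HEALTHY, limit));      // neither flag set
```
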

Advisory timeline

  1. reported

    Initial report by Jo Liss
    Oct 17th, 2015
  2. published

    Advisory published
    Feb 14th, 2014