CVE-2023-23919

CVSS v3.1 7.5 (High)

EPSS 0.08 % (34^th)

Affected Products 1

Advisories 16

A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.

Weaknesses

CWE-310: Cryptographic Issues
CWE-NVD-Other

CVE Status: PUBLISHED
CNA: HackerOne
Published Date: 2023-02-23 20:15:13
(19 months ago)
Updated Date: 2023-03-16 16:15:11
(18 months ago)

Affected Products

Nodejs

Node.js

Configuration #1

	CPE23	From	Up To
Nodejs Node.js from 14.0.0 version and 14.14.0 and prior versions	cpe:2.3:a:nodejs:node.js::::*:-	>= 14.0.0	<= 14.14.0
Nodejs Node.js from 14.0.0 version and prior 14.21.3 version	cpe:2.3:a:nodejs:node.js::::*:lts	>= 14.0.0	< 14.21.3
Nodejs Node.js from 16.0.0 version and 16.12.0 and prior versions	cpe:2.3:a:nodejs:node.js::::*:-	>= 16.0.0	<= 16.12.0
Nodejs Node.js from 16.0.0 version and prior 16.19.1 version	cpe:2.3:a:nodejs:node.js::::*:lts	>= 16.0.0	< 16.19.1
Nodejs Node.js from 18.0.0 version and 18.11.0 and prior versions	cpe:2.3:a:nodejs:node.js::::*:-	>= 18.0.0	<= 18.11.0
Nodejs Node.js from 18.0.0 version and prior 18.14.1 version	cpe:2.3:a:nodejs:node.js::::*:lts	>= 18.0.0	< 18.14.1
Nodejs Node.js from 19.0.0 version and prior 19.2.0 version	cpe:2.3:a:nodejs:node.js::::*:-	>= 19.0.0	< 19.2.0