[USN-6672-1] Node.js vulnerabilities
Several security issues were fixed in Node.js.

Morgan Jones discovered that Node.js incorrectly handled certain inputs,
leading to false positive errors during some cryptographic operations. If a user
or an automated system were tricked into opening a specially crafted input
file, a remote attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 23.10. (CVE-2023-23919)

It was discovered that Node.js incorrectly handled certain inputs, leading to an
untrusted search path vulnerability. If a user or an automated system were
tricked into opening a specially crafted input file, a remote attacker could
possibly use this issue to perform a privilege escalation. (CVE-2023-23920)

Matt Caswell discovered that Node.js incorrectly handled certain inputs with
specially crafted ASN.1 object identifiers or data containing them. If a user
or an automated system were tricked into opening a specially crafted input
file, a remote attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-2650)
Package | Affected Version |
---|---|
pkg:deb/ubuntu/nodejs?distro=mantic | < 18.13.0+dfsg1-1ubuntu2.1 |
pkg:deb/ubuntu/nodejs?distro=jammy | < 12.22.9~dfsg-1ubuntu3.4 |
pkg:deb/ubuntu/nodejs?distro=focal | < 10.19.0~dfsg-3ubuntu1.5 |
pkg:deb/ubuntu/nodejs-doc?distro=mantic | < 18.13.0+dfsg1-1ubuntu2.1 |
pkg:deb/ubuntu/nodejs-doc?distro=jammy | < 12.22.9~dfsg-1ubuntu3.4 |
pkg:deb/ubuntu/nodejs-doc?distro=focal | < 10.19.0~dfsg-3ubuntu1.5 |
pkg:deb/ubuntu/libnode72?distro=jammy | < 12.22.9~dfsg-1ubuntu3.4 |
pkg:deb/ubuntu/libnode64?distro=focal | < 10.19.0~dfsg-3ubuntu1.5 |
pkg:deb/ubuntu/libnode108?distro=mantic | < 18.13.0+dfsg1-1ubuntu2.1 |
pkg:deb/ubuntu/libnode-dev?distro=mantic | < 18.13.0+dfsg1-1ubuntu2.1 |
pkg:deb/ubuntu/libnode-dev?distro=jammy | < 12.22.9~dfsg-1ubuntu3.4 |
pkg:deb/ubuntu/libnode-dev?distro=focal | < 10.19.0~dfsg-3ubuntu1.5 |
- ID: USN-6672-1
- Severity: high
- Severity from: CVE-2023-23919
- URL: https://ubuntu.com/security/notices/USN-6672-1
- Published: 2024-03-04T11:09:06
- Modified: 2024-03-04T11:09:06
- Other Advisories:
- ALAS-2023-1762
- ALAS2-2023-2073
- ALAS2-2023-2097
- ALAS2-2024-2502
- ALPINE:CVE-2023-23919
- ALPINE:CVE-2023-23920
- ALPINE:CVE-2023-2650
- ALSA-2023:1582
- ALSA-2023:1583
- ALSA-2023:1743
- ALSA-2023:2654
- ALSA-2023:2655
- ALSA-2023:3722
- ALSA-2023:6330
- DSA-5395-1
- DSA-5417-1
- DSA-5589-1
- ELSA-2023-12768
- ELSA-2023-1582
- ELSA-2023-1583
- ELSA-2023-1743
- ELSA-2023-2654
- ELSA-2023-2655
- ELSA-2023-3722
- ELSA-2023-6330
- FEDORA-2023-026c8ba371
- FEDORA-2023-964eb00fc6
- FEDORA-2023-973319d5b7
- FREEBSD:22DF5074-71CD-11EE-85EB-84A93843EB75
- FREEBSD:D86BECFE-05A4-11EE-9D4A-080027EDA32C
- FREEBSD:EB9A3C57-FF9E-11ED-A0D1-84A93843EB75
- GLSA-202402-08
- MS:CVE-2023-2650
- RHSA-2023:1582
- RHSA-2023:1583
- RHSA-2023:1743
- RHSA-2023:2654
- RHSA-2023:2655
- RHSA-2023:3722
- RHSA-2023:6330
- RLSA-2023:2655
- SSA:2023-150-01
- SUSE-SU-2023:0606-1
- SUSE-SU-2023:0607-1
- SUSE-SU-2023:0608-1
- SUSE-SU-2023:0609-1
- SUSE-SU-2023:0673-1
- SUSE-SU-2023:0674-1
- SUSE-SU-2023:0682-1
- SUSE-SU-2023:0715-1
- SUSE-SU-2023:0738-1
- SUSE-SU-2023:2327-1
- SUSE-SU-2023:2328-1
- SUSE-SU-2023:2329-1
- SUSE-SU-2023:2330-1
- SUSE-SU-2023:2331-1
- SUSE-SU-2023:2332-1
- SUSE-SU-2023:2342-1
- SUSE-SU-2023:2343-1
- SUSE-SU-2023:2469-1
- SUSE-SU-2023:2470-1
- SUSE-SU-2023:2471-1
- SUSE-SU-2023:2620-1
- USN-6119-1
- USN-6188-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/nodejs?distro=mantic | ubuntu | nodejs | < 18.13.0+dfsg1-1ubuntu2.1 | mantic | | |
Affected | pkg:deb/ubuntu/nodejs?distro=jammy | ubuntu | nodejs | < 12.22.9~dfsg-1ubuntu3.4 | jammy | | |
Affected | pkg:deb/ubuntu/nodejs?distro=focal | ubuntu | nodejs | < 10.19.0~dfsg-3ubuntu1.5 | focal | | |
Affected | pkg:deb/ubuntu/nodejs-doc?distro=mantic | ubuntu | nodejs-doc | < 18.13.0+dfsg1-1ubuntu2.1 | mantic | | |
Affected | pkg:deb/ubuntu/nodejs-doc?distro=jammy | ubuntu | nodejs-doc | < 12.22.9~dfsg-1ubuntu3.4 | jammy | | |
Affected | pkg:deb/ubuntu/nodejs-doc?distro=focal | ubuntu | nodejs-doc | < 10.19.0~dfsg-3ubuntu1.5 | focal | | |
Affected | pkg:deb/ubuntu/libnode72?distro=jammy | ubuntu | libnode72 | < 12.22.9~dfsg-1ubuntu3.4 | jammy | | |
Affected | pkg:deb/ubuntu/libnode64?distro=focal | ubuntu | libnode64 | < 10.19.0~dfsg-3ubuntu1.5 | focal | | |
Affected | pkg:deb/ubuntu/libnode108?distro=mantic | ubuntu | libnode108 | < 18.13.0+dfsg1-1ubuntu2.1 | mantic | | |
Affected | pkg:deb/ubuntu/libnode-dev?distro=mantic | ubuntu | libnode-dev | < 18.13.0+dfsg1-1ubuntu2.1 | mantic | | |
Affected | pkg:deb/ubuntu/libnode-dev?distro=jammy | ubuntu | libnode-dev | < 12.22.9~dfsg-1ubuntu3.4 | jammy | | |
Affected | pkg:deb/ubuntu/libnode-dev?distro=focal | ubuntu | libnode-dev | < 10.19.0~dfsg-3ubuntu1.5 | focal | | |