[USN-6672-1] Node.js vulnerabilities

Severity: High
Affected Packages: 12
CVEs: 3

Several security issues were fixed in Node.js.

Morgan Jones discovered that Node.js incorrectly handled certain inputs,
leading to false positive errors during some cryptographic operations. If a user
or an automated system were tricked into opening a specially crafted input
file, a remote attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 23.10. (CVE-2023-23919)

It was discovered that Node.js incorrectly handled certain inputs, leading to an
untrusted search path vulnerability. If a user or an automated system were
tricked into opening a specially crafted input file, a remote attacker could
possibly use this issue to perform a privilege escalation. (CVE-2023-23920)

Matt Caswell discovered that Node.js incorrectly handled certain inputs with
specially crafted ASN.1 object identifiers or data containing them. If a user
or an automated system were tricked into opening a specially crafted input
file, a remote attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-2650)

| Package | Affected Version |
| --- | --- |
| pkg:deb/ubuntu/nodejs?distro=mantic | < 18.13.0+dfsg1-1ubuntu2.1 |
| pkg:deb/ubuntu/nodejs?distro=jammy | < 12.22.9~dfsg-1ubuntu3.4 |
| pkg:deb/ubuntu/nodejs?distro=focal | < 10.19.0~dfsg-3ubuntu1.5 |
| pkg:deb/ubuntu/nodejs-doc?distro=mantic | < 18.13.0+dfsg1-1ubuntu2.1 |
| pkg:deb/ubuntu/nodejs-doc?distro=jammy | < 12.22.9~dfsg-1ubuntu3.4 |
| pkg:deb/ubuntu/nodejs-doc?distro=focal | < 10.19.0~dfsg-3ubuntu1.5 |
| pkg:deb/ubuntu/libnode72?distro=jammy | < 12.22.9~dfsg-1ubuntu3.4 |
| pkg:deb/ubuntu/libnode64?distro=focal | < 10.19.0~dfsg-3ubuntu1.5 |
| pkg:deb/ubuntu/libnode108?distro=mantic | < 18.13.0+dfsg1-1ubuntu2.1 |
| pkg:deb/ubuntu/libnode-dev?distro=mantic | < 18.13.0+dfsg1-1ubuntu2.1 |
| pkg:deb/ubuntu/libnode-dev?distro=jammy | < 12.22.9~dfsg-1ubuntu3.4 |
| pkg:deb/ubuntu/libnode-dev?distro=focal | < 10.19.0~dfsg-3ubuntu1.5 |

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Affected | pkg:deb/ubuntu/nodejs?distro=mantic | ubuntu | nodejs | < 18.13.0+dfsg1-1ubuntu2.1 | mantic | | |
| Affected | pkg:deb/ubuntu/nodejs?distro=jammy | ubuntu | nodejs | < 12.22.9~dfsg-1ubuntu3.4 | jammy | | |
| Affected | pkg:deb/ubuntu/nodejs?distro=focal | ubuntu | nodejs | < 10.19.0~dfsg-3ubuntu1.5 | focal | | |
| Affected | pkg:deb/ubuntu/nodejs-doc?distro=mantic | ubuntu | nodejs-doc | < 18.13.0+dfsg1-1ubuntu2.1 | mantic | | |
| Affected | pkg:deb/ubuntu/nodejs-doc?distro=jammy | ubuntu | nodejs-doc | < 12.22.9~dfsg-1ubuntu3.4 | jammy | | |
| Affected | pkg:deb/ubuntu/nodejs-doc?distro=focal | ubuntu | nodejs-doc | < 10.19.0~dfsg-3ubuntu1.5 | focal | | |
| Affected | pkg:deb/ubuntu/libnode72?distro=jammy | ubuntu | libnode72 | < 12.22.9~dfsg-1ubuntu3.4 | jammy | | |
| Affected | pkg:deb/ubuntu/libnode64?distro=focal | ubuntu | libnode64 | < 10.19.0~dfsg-3ubuntu1.5 | focal | | |
| Affected | pkg:deb/ubuntu/libnode108?distro=mantic | ubuntu | libnode108 | < 18.13.0+dfsg1-1ubuntu2.1 | mantic | | |
| Affected | pkg:deb/ubuntu/libnode-dev?distro=mantic | ubuntu | libnode-dev | < 18.13.0+dfsg1-1ubuntu2.1 | mantic | | |
| Affected | pkg:deb/ubuntu/libnode-dev?distro=jammy | ubuntu | libnode-dev | < 12.22.9~dfsg-1ubuntu3.4 | jammy | | |
| Affected | pkg:deb/ubuntu/libnode-dev?distro=focal | ubuntu | libnode-dev | < 10.19.0~dfsg-3ubuntu1.5 | focal | | |