[USN-6735-1] Node.js vulnerabilities

Severity: High
Affected Packages: 21
CVEs: 3

Several security issues were fixed in Node.js.

It was discovered that Node.js incorrectly handled the use of invalid public
keys while creating an x509 certificate. If a user or an automated system were
tricked into opening a specially crafted input file, a remote attacker could
possibly use this issue to cause a denial of service. This issue only affected
Ubuntu 23.10. (CVE-2023-30588)

It was discovered that Node.js incorrectly handled the use of CRLF sequences to
delimit HTTP requests. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to obtain unauthorised access. This issue only affected
Ubuntu 23.10. (CVE-2023-30589)

It was discovered that Node.js incorrectly described the generateKeys()
function in the documentation. This inconsistency could possibly lead to
security issues in applications that use these APIs.
(CVE-2023-30590)

Package Affected Version
pkg:deb/ubuntu/nodejs?distro=xenial < 4.2.6~dfsg-1ubuntu4.2+esm3
pkg:deb/ubuntu/nodejs?distro=trusty < 0.10.25~dfsg2-2ubuntu1.2+esm2
pkg:deb/ubuntu/nodejs?distro=mantic < 18.13.0+dfsg1-1ubuntu2.2
pkg:deb/ubuntu/nodejs?distro=jammy < 12.22.9~dfsg-1ubuntu3.5
pkg:deb/ubuntu/nodejs?distro=focal < 10.19.0~dfsg-3ubuntu1.6
pkg:deb/ubuntu/nodejs?distro=bionic < 8.10.0~dfsg-2ubuntu0.4+esm5
pkg:deb/ubuntu/nodejs-legacy?distro=xenial < 4.2.6~dfsg-1ubuntu4.2+esm3
pkg:deb/ubuntu/nodejs-legacy?distro=trusty < 0.10.25~dfsg2-2ubuntu1.2+esm2
pkg:deb/ubuntu/nodejs-doc?distro=mantic < 18.13.0+dfsg1-1ubuntu2.2
pkg:deb/ubuntu/nodejs-doc?distro=jammy < 12.22.9~dfsg-1ubuntu3.5
pkg:deb/ubuntu/nodejs-doc?distro=focal < 10.19.0~dfsg-3ubuntu1.6
pkg:deb/ubuntu/nodejs-doc?distro=bionic < 8.10.0~dfsg-2ubuntu0.4+esm5
pkg:deb/ubuntu/nodejs-dev?distro=xenial < 4.2.6~dfsg-1ubuntu4.2+esm3
pkg:deb/ubuntu/nodejs-dev?distro=trusty < 0.10.25~dfsg2-2ubuntu1.2+esm2
pkg:deb/ubuntu/nodejs-dev?distro=bionic < 8.10.0~dfsg-2ubuntu0.4+esm5
pkg:deb/ubuntu/libnode72?distro=jammy < 12.22.9~dfsg-1ubuntu3.5
pkg:deb/ubuntu/libnode64?distro=focal < 10.19.0~dfsg-3ubuntu1.6
pkg:deb/ubuntu/libnode108?distro=mantic < 18.13.0+dfsg1-1ubuntu2.2
pkg:deb/ubuntu/libnode-dev?distro=mantic < 18.13.0+dfsg1-1ubuntu2.2
pkg:deb/ubuntu/libnode-dev?distro=jammy < 12.22.9~dfsg-1ubuntu3.5
pkg:deb/ubuntu/libnode-dev?distro=focal < 10.19.0~dfsg-3ubuntu1.6