Showing 1 - 3 of 3

CVE-2023-23919

Status Candidate

Overview

A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.

Related Files

Ubuntu Security Notice USN-6672-1: Posted Mar 4, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6672-1 - Morgan Jones discovered that Node.js incorrectly handled certain inputs that leads to false positive errors during some cryptographic operations. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. It was discovered that Node.js incorrectly handled certain inputs leaded to a untrusted search path vulnerability. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a privilege escalation.; tags | advisory, remote, denial of service; systems | linux, ubuntu; advisories | CVE-2023-23919, CVE-2023-23920, CVE-2023-2650; SHA-256 | fa597d50e9f8b5bd302a8783ff6dbb02dfd40c5672ca6442aff828f6a586c095; Download | Favorite | View

Debian Security Advisory 5589-1: Posted Dec 28, 2023; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5589-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of policy feature checks, denial of service or loading of incorrect ICU data.; tags | advisory, web, denial of service, vulnerability; systems | linux, debian; advisories | CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-30581, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-32002, CVE-2023-32006, CVE-2023-32559, CVE-2023-38552, CVE-2023-39333; SHA-256 | 99cc458c7d37e5ed3bbb9cd1ecafd2849b5c2bd6325b06e8297be7edef82db88; Download | Favorite | View

Red Hat Security Advisory 2023-2654-01: Posted May 10, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-2654-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.; tags | advisory, denial of service, overflow, javascript, vulnerability; systems | linux, redhat; advisories | CVE-2021-35065, CVE-2022-25881, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807; SHA-256 | 4e7a13c72b1bbe26649f90f2ee5c748667dc190692c7389ff21e92530336c9f3; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 323 files
Ubuntu 71 files
Debian 21 files
LiquidWorm 12 files
Gentoo 8 files
Apple 6 files
Google Security Research 4 files
Spencer McIntyre 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2023-23919

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems