BIT-node-2023-23919

Import Source

https://github.com/bitnami/vulndb/tree/main/data/node/BIT-node-2023-23919.json

Aliases

CVE-2023-23919

Published

2024-03-06T11:02:11.484Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.

References

https://hackerone.com/reports/1808596
https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
https://security.netapp.com/advisory/ntap-20230316-0008/

Affected packages

Bitnami / node

Package

Name: node

Affected ranges

Type: SEMVER
Events: Introduced

14.0.0

Fixed

14.14.0

Introduced

14.0.0

Fixed

14.21.3

Introduced

16.0.0

Fixed

16.12.0

Introduced

16.0.0

Fixed

16.19.1

Introduced

18.0.0

Fixed

18.11.0

Introduced

18.0.0

Fixed

18.14.1

Introduced

19.0.0

Fixed

19.2.0