CVE-2021-22940

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-22940

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22940.json

Aliases

BIT-node-2021-22940

Related

ALSA-2021:3623
ALSA-2021:3666
DLA-3137-1
RLSA-2021:3623
RLSA-2021:3666

Published

2021-08-16T19:15:13Z

Modified

2024-05-14T08:25:57.148657Z

Summary

[none]

Details

Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

References

https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/
https://security.gentoo.org/glsa/202401-02
https://security.netapp.com/advisory/ntap-20210923-0001/
https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://hackerone.com/reports/1238162

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type: GIT
Repo: https://github.com/nodejs/node
Events: Introduced

2f45ad8060e13d5ac912335096d21526f2f9602b

Introduced

7162e686b18d22b4385fa5c04274fb04dbd810c7

Introduced

73aa21658dfa6a22c06451d080152b32b1f98dbe

Fixed

bfe80913e88139da1aa283475cdbc060ea98ae6f

Affected versions

v16.*

v16.0.0

v16.1.0

v16.2.0

v16.3.0

v16.4.0

v16.4.1

v16.4.2

v16.5.0

v16.6.0

v16.6.1