CVE-2021-44532

Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.

References

Affected packages

Git / github.com/graalvm/graalvm-ce-builds

Affected ranges

Type

GIT

Repo

https://github.com/graalvm/graalvm-ce-builds

Events

Introduced

Last affected

ab8db8415e996bd955acef60c0b2225761210c9a

Introduced

Last affected

5d777aadefa45491c9fd582d09ef4dc7dfdf1bfa

Introduced

Last affected

bd6570ec5fc8253ab93b6760c36a3883cc3bdbb2

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "20.3.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "21.3.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "22.0.0.2"
        }
    ]
}

Type

GIT

Repo

https://github.com/mysql/mysql-server

Events

Introduced

Last affected

8d8c986e5716e38cb776b627a8eee9e92241b4ce

Introduced

Last affected

6846e6b2f72931991cc9fd589dc9946ea2ab58c9

Introduced

Last affected

8d8c986e5716e38cb776b627a8eee9e92241b4ce

Introduced

Last affected

0cd98bdf981583a1cf4cb526581fc16e23bb839b

Introduced

270fd3411e3d671a73ed9725940a30080f59ce6d

Last affected

6846e6b2f72931991cc9fd589dc9946ea2ab58c9

Introduced

270fd3411e3d671a73ed9725940a30080f59ce6d

Last affected

6846e6b2f72931991cc9fd589dc9946ea2ab58c9

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0.29"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0.28"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0.29"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.7.37"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.0.28"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.0.28"
        }
    ]
}

Type

GIT

Repo

https://github.com/nodejs/node

Events

Introduced

Fixed

4e44cbfba6bbb87aa15564ea6856a556804f71c0

Introduced

73aa21658dfa6a22c06451d080152b32b1f98dbe

Fixed

92df3d654b366aa115fb672756cb051d480d8acc

Introduced

7162e686b18d22b4385fa5c04274fb04dbd810c7

Fixed

acb71eab779fb56bf70e8a9e0cb2e82a089a87de

Introduced

f99ce7c1b88ff445f60e9e5575b674cb509e47f3

Fixed

e4f326669a3f98a8804dde23eee6d8403f0a99f1

Introduced

Last affected

cea049bcf8bb0f9a6e0095dbd5dffdb14dc8f71b

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "12.22.9"
        },
        {
            "introduced": "14.0.0"
        },
        {
            "fixed": "14.18.3"
        },
        {
            "introduced": "16.0.0"
        },
        {
            "fixed": "16.13.2"
        },
        {
            "introduced": "17.0.0"
        },
        {
            "fixed": "17.3.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0"
        }
    ]
}

Affected versions

mysql-5.*

mysql-5.5.52

mysql-5.5.53

mysql-5.5.54

mysql-5.5.55

mysql-5.5.56

mysql-5.5.57

mysql-5.5.58

mysql-5.5.59

mysql-5.5.60

mysql-5.5.61

mysql-5.5.62

mysql-5.5.63

mysql-5.6.33

mysql-5.6.34

mysql-5.6.35

mysql-5.6.36

mysql-5.6.37

mysql-5.6.38

mysql-5.6.39

mysql-5.6.40

mysql-5.6.41

mysql-5.6.42

mysql-5.6.43

mysql-5.6.45

mysql-5.6.46

mysql-5.6.47

mysql-5.6.48

mysql-5.6.49

mysql-5.6.50

mysql-5.6.51

mysql-5.7-22-ndb-7.6.6

mysql-5.7.15

mysql-5.7.16

mysql-5.7.17

mysql-5.7.18

mysql-5.7.19

mysql-5.7.20

mysql-5.7.21

mysql-5.7.22

mysql-5.7.24

mysql-5.7.25

mysql-5.7.26

mysql-5.7.27

mysql-5.7.28

mysql-5.7.29

mysql-5.7.30

mysql-5.7.31

mysql-5.7.32

mysql-5.7.33

mysql-5.7.34

mysql-5.7.35

mysql-5.7.36

mysql-5.7.37

mysql-8.*

mysql-8.0.0

mysql-8.0.1

mysql-8.0.11

mysql-8.0.12

mysql-8.0.13

mysql-8.0.14

mysql-8.0.15

mysql-8.0.16

mysql-8.0.17

mysql-8.0.18

mysql-8.0.19

mysql-8.0.2

mysql-8.0.20

mysql-8.0.21

mysql-8.0.22

mysql-8.0.23

mysql-8.0.24

mysql-8.0.25

mysql-8.0.26

mysql-8.0.27

mysql-8.0.28

mysql-8.0.29

mysql-8.0.3

mysql-8.0.4

mysql-cluster-7.*

mysql-cluster-7.2.24

mysql-cluster-7.2.25

mysql-cluster-7.2.26

mysql-cluster-7.2.27

mysql-cluster-7.2.28

mysql-cluster-7.2.29

mysql-cluster-7.2.30

mysql-cluster-7.2.31

mysql-cluster-7.2.32

mysql-cluster-7.2.33

mysql-cluster-7.2.34

mysql-cluster-7.2.35

mysql-cluster-7.2.37

mysql-cluster-7.2.38

mysql-cluster-7.2.39

mysql-cluster-7.2.40

mysql-cluster-7.3.13

mysql-cluster-7.3.14

mysql-cluster-7.3.15

mysql-cluster-7.3.16

mysql-cluster-7.3.17

mysql-cluster-7.3.18

mysql-cluster-7.3.19

mysql-cluster-7.3.20

mysql-cluster-7.3.21

mysql-cluster-7.3.22

mysql-cluster-7.3.23

mysql-cluster-7.3.24

mysql-cluster-7.3.25

mysql-cluster-7.3.26

mysql-cluster-7.3.27

mysql-cluster-7.3.28

mysql-cluster-7.3.29

mysql-cluster-7.3.30

mysql-cluster-7.3.31

mysql-cluster-7.3.33

mysql-cluster-7.4.11

mysql-cluster-7.4.12

mysql-cluster-7.4.13

mysql-cluster-7.4.14

mysql-cluster-7.4.15

mysql-cluster-7.4.16

mysql-cluster-7.4.17

mysql-cluster-7.4.18

mysql-cluster-7.4.19

mysql-cluster-7.4.20

mysql-cluster-7.4.21

mysql-cluster-7.4.23

mysql-cluster-7.4.24

mysql-cluster-7.4.25

mysql-cluster-7.4.26

mysql-cluster-7.4.27

mysql-cluster-7.4.28

mysql-cluster-7.4.29

mysql-cluster-7.4.30

mysql-cluster-7.4.32

mysql-cluster-7.4.33

mysql-cluster-7.4.34

mysql-cluster-7.4.35

mysql-cluster-7.5.1

mysql-cluster-7.5.10

mysql-cluster-7.5.11

mysql-cluster-7.5.12

mysql-cluster-7.5.13

mysql-cluster-7.5.14

mysql-cluster-7.5.15

mysql-cluster-7.5.16

mysql-cluster-7.5.17

mysql-cluster-7.5.18

mysql-cluster-7.5.19

mysql-cluster-7.5.2

mysql-cluster-7.5.20

mysql-cluster-7.5.21

mysql-cluster-7.5.23

mysql-cluster-7.5.24

mysql-cluster-7.5.25

mysql-cluster-7.5.3

mysql-cluster-7.5.4

mysql-cluster-7.5.5

mysql-cluster-7.5.6

mysql-cluster-7.5.7

mysql-cluster-7.5.8

mysql-cluster-7.5.9

mysql-cluster-7.6.10

mysql-cluster-7.6.11

mysql-cluster-7.6.12

mysql-cluster-7.6.13

mysql-cluster-7.6.14

mysql-cluster-7.6.15

mysql-cluster-7.6.16

mysql-cluster-7.6.17

mysql-cluster-7.6.19

mysql-cluster-7.6.2

mysql-cluster-7.6.20

mysql-cluster-7.6.3

mysql-cluster-7.6.4

mysql-cluster-7.6.5

mysql-cluster-7.6.6

mysql-cluster-7.6.7

mysql-cluster-7.6.8

mysql-cluster-7.6.9

mysql-cluster-8.*

mysql-cluster-8.0.16

mysql-cluster-8.0.18

mysql-cluster-8.0.19

mysql-cluster-8.0.20

mysql-cluster-8.0.21

mysql-cluster-8.0.22

mysql-cluster-8.0.23

mysql-cluster-8.0.24

mysql-cluster-8.0.25

mysql-cluster-8.0.26

mysql-cluster-8.0.27

mysql-cluster-8.0.28

mysql-cluster-8.0.29

vm-19.*

vm-19.3.0

vm-19.3.0.2

vm-19.3.1

vm-19.3.2

vm-19.3.2-pre

vm-19.3.3

vm-19.3.4

vm-19.3.5

vm-19.3.6

vm-20.*

vm-20.0.0

vm-20.0.1

vm-20.1.0

vm-20.2.0

vm-20.3.0

vm-20.3.1

vm-20.3.1.2

vm-20.3.2

vm-20.3.3

vm-20.3.4

vm-20.3.5

vm-21.*

vm-21.0.0

vm-21.0.0.2

vm-21.1.0

vm-21.2.0

vm-21.3.0

vm-ce-21.*

vm-ce-21.2.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44532.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.58"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.59"
            }
        ]
    }
]