CVE-2023-23919

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-23919

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23919.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-23919

Aliases

Downstream

ALPINE-CVE-2023-23919

DEBIAN-CVE-2023-23919

DSA-5589-1

RHSA-2023:1582

RHSA-2023:1583

RHSA-2023:2654

SUSE-SU-2023:0608-1

SUSE-SU-2023:0609-1

SUSE-SU-2023:0673-1

SUSE-SU-2023:0715-1

SUSE-SU-2023:0738-1

UBUNTU-CVE-2023-23919

USN-6672-1

openSUSE-SU-2024:12725-1

openSUSE-SU-2024:12726-1

Related

Published

2023-02-23T20:15:13Z

Modified

2025-10-10T04:28:56.866155Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.

References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type: GIT
Repo: https://github.com/nodejs/node
Events: Introduced

73aa21658dfa6a22c06451d080152b32b1f98dbe

Fixed

edd64fe5ba20c6c2f53720c672c591f09d9d4ac0

Affected versions

v14.*

v14.0.0

v14.1.0

v14.10.0

v14.10.1

v14.11.0

v14.12.0

v14.13.0

v14.13.1

v14.14.0

v14.15.0

v14.15.1

v14.15.2

v14.15.3

v14.15.4

v14.15.5

v14.16.0

v14.16.1

v14.17.0

v14.17.1

v14.17.2

v14.17.3

v14.17.4

v14.17.5

v14.17.6

v14.18.0

v14.18.1

v14.18.2

v14.18.3

v14.19.0

v14.19.1

v14.19.2

v14.19.3

v14.2.0

v14.20.0

v14.20.1

v14.21.0

v14.21.1

v14.21.2

v14.3.0

v14.4.0

v14.5.0

v14.6.0

v14.7.0

v14.8.0

v14.9.0