UBUNTU-CVE-2016-7099
- Source
- https://ubuntu.com/security/CVE-2016-7099
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-7099.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-7099
- Related
- Published
- 2016-10-10T16:59:00Z
- Modified
- 2016-10-10T16:59:00Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
- References
Affected packages
Ubuntu:Pro:14.04:LTS / nodejs
Package
- Name
- nodejs
- Purl
- pkg:deb/ubuntu/nodejs?arch=src?distro=trusty/esm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.10.25~dfsg2-2ubuntu1.2+esm1
Affected versions
0.*
0.10.15~dfsg1-4
0.10.21~dfsg1-1
0.10.22~dfsg1-2
0.10.23~dfsg1-1
0.10.23~dfsg1-2
0.10.23~dfsg1-3
0.10.24~dfsg1-1
0.10.25~dfsg2-2
0.10.25~dfsg2-2ubuntu1
0.10.25~dfsg2-2ubuntu1.2
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "0.10.25~dfsg2-2ubuntu1.2+esm1",
"binary_name": "nodejs"
},
{
"binary_version": "0.10.25~dfsg2-2ubuntu1.2+esm1",
"binary_name": "nodejs-dbg"
},
{
"binary_version": "0.10.25~dfsg2-2ubuntu1.2+esm1",
"binary_name": "nodejs-dbgsym"
},
{
"binary_version": "0.10.25~dfsg2-2ubuntu1.2+esm1",
"binary_name": "nodejs-dev"
},
{
"binary_version": "0.10.25~dfsg2-2ubuntu1.2+esm1",
"binary_name": "nodejs-dev-dbgsym"
},
{
"binary_version": "0.10.25~dfsg2-2ubuntu1.2+esm1",
"binary_name": "nodejs-legacy"
}
]
}
Ubuntu:Pro:16.04:LTS / nodejs
Package
- Name
- nodejs
- Purl
- pkg:deb/ubuntu/nodejs?arch=src?distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.2.6~dfsg-1ubuntu4.2+esm1
Affected versions
0.*
0.10.25~dfsg2-2ubuntu1
4.*
4.2.2~dfsg-1
4.2.3~dfsg-1
4.2.4~dfsg-1ubuntu1
4.2.4~dfsg-2
4.2.6~dfsg-1ubuntu1
4.2.6~dfsg-1ubuntu4
4.2.6~dfsg-1ubuntu4.1
4.2.6~dfsg-1ubuntu4.2
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "4.2.6~dfsg-1ubuntu4.2+esm1",
"binary_name": "nodejs"
},
{
"binary_version": "4.2.6~dfsg-1ubuntu4.2+esm1",
"binary_name": "nodejs-dbg"
},
{
"binary_version": "4.2.6~dfsg-1ubuntu4.2+esm1",
"binary_name": "nodejs-dbgsym"
},
{
"binary_version": "4.2.6~dfsg-1ubuntu4.2+esm1",
"binary_name": "nodejs-dev"
},
{
"binary_version": "4.2.6~dfsg-1ubuntu4.2+esm1",
"binary_name": "nodejs-dev-dbgsym"
},
{
"binary_version": "4.2.6~dfsg-1ubuntu4.2+esm1",
"binary_name": "nodejs-legacy"
}
]
}
Ubuntu:18.04:LTS / nodejs
Package
- Name
- nodejs
- Purl
- pkg:deb/ubuntu/nodejs?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.10.0~dfsg-2
Affected versions
6.*
6.11.4~dfsg-1ubuntu1
6.11.4~dfsg-1ubuntu2
6.12.0~dfsg-1ubuntu1
6.12.0~dfsg-2ubuntu1
6.12.0~dfsg-2ubuntu2
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "8.10.0~dfsg-2",
"binary_name": "nodejs"
},
{
"binary_version": "8.10.0~dfsg-2",
"binary_name": "nodejs-dbgsym"
},
{
"binary_version": "8.10.0~dfsg-2",
"binary_name": "nodejs-dev"
},
{
"binary_version": "8.10.0~dfsg-2",
"binary_name": "nodejs-doc"
}
]
}