USN-6564-1

Source

https://ubuntu.com/security/notices/USN-6564-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-6564-1.json

Related

• CVE-2022-4304
• CVE-2022-4450
• CVE-2023-0215
• CVE-2023-0286
• CVE-2023-0401

Published

2024-01-03T09:31:07.811283Z

Modified

2024-01-03T09:31:07.811283Z

Details

Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. (CVE-2022-4304)

CarpetFuzz, Dawei Wang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-4450)

Octavio Galland and Marcel Böhme discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-0215)

David Benjamin discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-0286)

Hubert Kario and Dmitry Belyavsky discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-0401)

References

• https://ubuntu.com/security/notices/USN-6564-1
• https://ubuntu.com/security/CVE-2022-4304
• https://ubuntu.com/security/CVE-2022-4450
• https://ubuntu.com/security/CVE-2023-0215
• https://ubuntu.com/security/CVE-2023-0286
• https://ubuntu.com/security/CVE-2023-0401