PT-2021-6612 · Node.Js+7 · Node.Js+7

Published

2021-08-12

·

Updated

2024-12-16

·

CVE-2021-22940

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions Node.js versions prior to 16.6.1 Node.js versions prior to 14.17.5 Node.js versions prior to 12.22.5
Description The issue is related to a use after free attack, where an attacker might exploit memory corruption to change process behavior. This can allow a remote attacker to impact data integrity.
Recommendations For versions prior to 16.6.1, update to version 16.6.1 or later. For versions prior to 14.17.5, update to version 14.17.5 or later. For versions prior to 12.22.5, update to version 12.22.5 or later.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2021:3623
ALSA-2021:3666
ALT-PU-2021-2497
ALT-PU-2021-2550
ALT-PU-2022-3073
AZL-6745
BDU:2022-01889
BIT-NODE-2021-22940
BIT-NODE-MIN-2021-22940
CESA-2021_3623
CESA-2021_3666
CVE-2021-22940
DLA-3137-1
MGASA-2021-0463
OPENSUSE-SU-2021:1214-1
OPENSUSE-SU-2021:1313-1
OPENSUSE-SU-2021:2875-1
OPENSUSE-SU-2021:3211-1
OPENSUSE-SU-2021_1214-1
OPENSUSE-SU-2021_1313-1
OPENSUSE-SU-2021_2875-1
OPENSUSE-SU-2021_3211-1
OPENSUSE-SU-2022_2855-1
OPENSUSE-SU-2024:11096-1
OPENSUSE-SU-2024:11097-1
RHSA-2021:3280
RHSA-2021:3281
RHSA-2021:3623
RHSA-2021:3638
RHSA-2021:3639
RHSA-2021:3666
RHSA-2021_3623
RHSA-2021_3666
RLSA-2021:3623
RLSA-2021:3666
SUSE-SU-2021:2824-1
SUSE-SU-2021:2875-1
SUSE-SU-2021:3184-1
SUSE-SU-2021:3211-1
SUSE-SU-2022:2855-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Node.Js
Red Hat
Rocky Linux
Suse