PT-2022-1546 · Node.js+7

Published: 2020-01-24 · Updated: 2024-12-16 · CVE-2021-44533

CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Node.js versions prior to 12.22.9
Node.js versions prior to 14.18.3
Node.js versions prior to 16.13.2
Node.js versions prior to 17.3.1

Description

The issue is related to errors in the certificate authentication procedure, specifically with the handling of multi-value Relative Distinguished Names. Attackers could craft certificate subjects to bypass certificate subject verification, potentially allowing spoofing attacks. The vulnerability may affect third-party code that uses Node.js's ambiguous presentation of certificate subjects.

Recommendations

For Node.js versions prior to 12.22.9, update to version 12.22.9 or later.
For Node.js versions prior to 14.18.3, update to version 14.18.3 or later.
For Node.js versions prior to 16.13.2, update to version 16.13.2 or later.
For Node.js versions prior to 17.3.1, update to version 17.3.1 or later.
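
A runtime check against the fixed releases listed in the recommendations, as an added example that is not part of the original advisory or of Node.js itself. The function names are hypothetical, and treating release lines without a listed fix (such as 13.x or 15.x) as affected is an assumption drawn from the "prior to" wording.

```javascript
// Fixed upstream releases, copied from the recommendations in this advisory.
const FIXED = [[12, 22, 9], [14, 18, 3], [16, 13, 2], [17, 3, 1]];

// Parse "v16.13.1" or "16.13.1" into [major, minor, patch]; null if malformed.
function parseVersion(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  return m ? m.slice(1).map(Number) : null;
}

// Numeric comparison of two [major, minor, patch] triples: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns { affected, upgradeTo }; affected is null when the input is unparseable.
function checkNodeVersion(version) {
  const v = parseVersion(version);
  if (!v) return { affected: null, upgradeTo: null };

  // At or above the newest fixed release: not in any affected range.
  const newest = FIXED[FIXED.length - 1];
  if (compareVersions(v, newest) >= 0) return { affected: false, upgradeTo: null };

  // Same release line as a listed fix: compare within that line.
  const sameLine = FIXED.find((f) => f[0] === v[0]);
  if (sameLine) {
    return compareVersions(v, sameLine) < 0
      ? { affected: true, upgradeTo: sameLine.join('.') }
      : { affected: false, upgradeTo: null };
  }

  // Assumption: a line with no listed fix (10.x, 13.x, 15.x, ...) is "prior to"
  // the next fixed line, so it is affected and must move to that line.
  const next = FIXED.find((f) => f[0] > v[0]);
  return { affected: true, upgradeTo: next.join('.') };
}

// Report on the runtime executing this script.
console.log(process.version, checkNodeVersion(process.version));
```

Distribution packages covered by the vendor advisories under Related Identifiers may carry the fix as a backport, so for those compare the package version against the vendor advisory rather than the upstream version number.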

Exploit

Fix

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

ALSA-2022:7830
ALSA-2022:9073
ALT-PU-2020-1090
ALT-PU-2022-1760
ALT-PU-2022-1799
ALT-PU-2022-2156
ALT-PU-2022-2171
ALT-PU-2022-3073
ALT-PU-2023-1461
ALT-PU-2023-1912
AZL-8819
BDU:2022-00751
BIT-NODE-2021-44533
BIT-NODE-MIN-2021-44533
CESA-2022_7830
CESA-2022_9073
CVE-2021-44533
DSA-5170-1
MGASA-2022-0077
OESA-2022-1620
OPENSUSE-SU-2022:0112-1
OPENSUSE-SU-2022:0113-1
OPENSUSE-SU-2022_0112-1
OPENSUSE-SU-2022_0113-1
OPENSUSE-SU-2024:11730-1
OPENSUSE-SU-2024:11746-1
RHSA-2022:4914
RHSA-2022:7044
RHSA-2022:7830
RHSA-2022:9073
RHSA-2022_7830
RHSA-2022_9073
RHSA-2023:1742
RLSA-2022:7830
RLSA-2022:9073
SUSE-SU-2022:0101-1
SUSE-SU-2022:0112-1
SUSE-SU-2022:0113-1
SUSE-SU-2022:0114-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Node.js
Red Hat
Red OS
Rocky Linux
SUSE