PT-2023-2002 · Node.Js+9 · Node.Js+9

Morgan Jones

+1

·

Published

2023-02-16

·

Updated

2026-05-18

·

CVE-2023-23919

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Node.js versions prior to 19.2.0 Node.js versions prior to 18.14.1 Node.js versions prior to 16.19.1 Node.js versions prior to 14.21.3
Description A cryptographic issue exists that may not clear the OpenSSL error stack after certain operations, potentially leading to false positive errors during subsequent cryptographic operations on the same thread. This could be exploited to cause a denial of service. The issue is related to errors in data encryption.
Recommendations For versions prior to 19.2.0, update to version 19.2.0 or later to resolve the issue. For versions prior to 18.14.1, update to version 18.14.1 or later to resolve the issue. For versions prior to 16.19.1, update to version 16.19.1 or later to resolve the issue. For versions prior to 14.21.3, update to version 14.21.3 or later to resolve the issue.

Exploit

Fix

DoS

Weakness Enumeration

CWE-399CWE-310

Related Identifiers

ALSA-2023:1582
ALSA-2023:2654
ALT-PU-2023-1431
ALT-PU-2023-1494
ALT-PU-2023-1496
AZL-13684
BDU:2023-01626
BIT-NODE-2023-23919
BIT-NODE-MIN-2023-23919
CESA-2023_1582
CESA-2023_1583
CLEANSTART-2026-BD71263
CLEANSTART-2026-IS74202
CLEANSTART-2026-JR35772
CLEANSTART-2026-JY06700
CLEANSTART-2026-KN34553
CLEANSTART-2026-KZ45320
CLEANSTART-2026-LJ44720
CLEANSTART-2026-LN12820
CLEANSTART-2026-TX00223
CLEANSTART-2026-WI75198
CVE-2023-23919
DSA-5589-1
OPENSUSE-SU-2024:12725-1
OPENSUSE-SU-2024:12726-1
RHSA-2023:1582
RHSA-2023:1583
RHSA-2023:2654
RHSA-2023_1582
RHSA-2023_1583
RHSA-2023_2654
RLSA-2023:1582
SUSE-SU-2023:0608-1
SUSE-SU-2023:0609-1
SUSE-SU-2023:0673-1
SUSE-SU-2023:0715-1
SUSE-SU-2023:0738-1
USN-6672-1

Affected Products

Alt Linux
Almalinux
Centos
Linuxmint
Node.Js
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu