CVE-2023-30588

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Node.js versions v16, v18, and v20

Description The issue is related to insufficient input validation in the crypto.X509Certificate() function. When an invalid public key is used to create an x509 certificate, a non-expected termination occurs, making it susceptible to DoS attacks. This happens because the process terminates when accessing public key information from user code, causing the current user context to be lost and leading to a DoS scenario. The vulnerability can be exploited by a remote attacker to cause a denial of service.

Recommendations For Node.js versions v16, v18, and v20, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2023:4330

ALSA-2023:4331

ALSA-2023:4536

ALSA-2023:4537

ALT-PU-2023-4642

ALT-PU-2024-14696

ALT-PU-2025-2007

ALT-PU-2025-2047

BDU:2023-04951

BIT-NODE-2023-30588

BIT-NODE-MIN-2023-30588

CESA-2023_4536

CESA-2023_4537

CVE-2023-30588

DSA-5589-1

MGASA-2023-0226

OPENSUSE-SU-2024:13021-1

RHSA-2023:4330

RHSA-2023:4331

RHSA-2023:4536

RHSA-2023:4537

RHSA-2023:5361

RHSA-2023:5533

RHSA-2023_4330

RHSA-2023_4331

RHSA-2023_4536

RHSA-2023_4537

RLSA-2023:4536

RLSA-2023:4537

SUSE-SU-2023:2655-1

SUSE-SU-2023:2662-1

SUSE-SU-2023:2663-1

SUSE-SU-2023:2669-1

SUSE-SU-2023:2861-1

USN-6735-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Node.Js

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

CVE-2023-30588

Weakness Enumeration

Related Identifiers

Affected Products

References · 106