Vulnerability Description
A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nodejs | Node.Js | >= 14.0.0, <= 14.14.0 |
Related Weaknesses (CWE)
References
- https://hackerone.com/reports/1808596ExploitThird Party Advisory
- https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/PatchVendor Advisory
- https://security.netapp.com/advisory/ntap-20230316-0008/
- https://hackerone.com/reports/1808596ExploitThird Party Advisory
- https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/PatchVendor Advisory
- https://security.netapp.com/advisory/ntap-20230316-0008/
FAQ
What is CVE-2023-23919?
CVE-2023-23919 is a vulnerability with a CVSS score of 7.5 (HIGH). A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to f...
How severe is CVE-2023-23919?
CVE-2023-23919 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-23919?
Check the references section above for vendor advisories and patch information. Affected products include: Nodejs Node.Js.