CVE-2022-35255

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-35255

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-35255.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-35255

Aliases

BIT-node-2022-35255

Related

Published

2022-12-05T22:15:10Z

Modified

2024-09-11T04:56:10.623470Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.

References

Affected packages

Alpine:v3.15 / nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.17.1-r0

Affected versions

4.*

4.4.3-r0

4.4.4-r0

4.4.5-r0

4.4.7-r0

4.5.0-r0

6.*

6.9.1-r0

6.9.1-r1

6.9.2-r0

6.9.4-r0

6.9.4-r1

6.9.5-r0

6.9.5-r1

6.10.0-r0

6.10.1-r0

6.10.3-r0

6.11.0-r0

6.11.1-r0

6.11.1-r1

6.11.1-r2

6.11.2-r0

6.11.3-r0

6.11.4-r0

6.11.5-r0

8.*

8.9.0-r0

8.9.1-r0

8.9.2-r0

8.9.3-r0

8.9.3-r1

8.9.4-r0

8.10.0-r0

8.11.0-r0

8.11.0-r1

8.11.1-r0

8.11.1-r1

8.11.1-r2

8.11.2-r0

8.11.3-r0

8.11.3-r1

8.11.3-r2

8.11.3-r3

8.11.4-r0

8.12.0-r0

10.*

10.13.0-r0

10.14.0-r0

10.14.1-r0

10.14.2-r0

10.15.1-r0

10.15.3-r0

10.16.0-r0

10.16.1-r0

10.16.2-r0

10.16.3-r0

12.*

12.13.0-r0

12.13.0-r1

12.13.1-r0

12.14.0-r0

12.14.1-r0

12.15.0-r0

12.15.0-r1

12.15.0-r2

12.16.2-r0

12.16.3-r0

12.16.3-r1

12.17.0-r0

12.18.0-r0

12.18.0-r1

12.18.0-r2

12.18.2-r0

12.18.3-r0

12.18.4-r0

12.19.0-r0

14.*

14.15.1-r0

14.15.3-r0

14.15.3-r1

14.15.3-r2

14.15.4-r0

14.15.5-r0

14.16.0-r0

14.16.0-r1

14.16.1-r0

14.16.1-r1

14.16.1-r2

14.17.0-r0

14.17.1-r0

14.17.2-r0

14.17.3-r0

14.17.4-r0

14.17.5-r0

14.17.6-r0

14.17.6-r1

14.18.0-r0

14.18.1-r0

14.18.1-r1

16.*

16.13.0-r0

16.13.1-r0

16.13.2-r0

16.14.0-r0

16.14.2-r0

16.16.0-r0

Alpine:v3.16 / nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.17.1-r0

Affected versions

4.*

4.4.3-r0

4.4.4-r0

4.4.5-r0

4.4.7-r0

4.5.0-r0

6.*

6.9.1-r0

6.9.1-r1

6.9.2-r0

6.9.4-r0

6.9.4-r1

6.9.5-r0

6.9.5-r1

6.10.0-r0

6.10.1-r0

6.10.3-r0

6.11.0-r0

6.11.1-r0

6.11.1-r1

6.11.1-r2

6.11.2-r0

6.11.3-r0

6.11.4-r0

6.11.5-r0

8.*

8.9.0-r0

8.9.1-r0

8.9.2-r0

8.9.3-r0

8.9.3-r1

8.9.4-r0

8.10.0-r0

8.11.0-r0

8.11.0-r1

8.11.1-r0

8.11.1-r1

8.11.1-r2

8.11.2-r0

8.11.3-r0

8.11.3-r1

8.11.3-r2

8.11.3-r3

8.11.4-r0

8.12.0-r0

10.*

10.13.0-r0

10.14.0-r0

10.14.1-r0

10.14.2-r0

10.15.1-r0

10.15.3-r0

10.16.0-r0

10.16.1-r0

10.16.2-r0

10.16.3-r0

12.*

12.13.0-r0

12.13.0-r1

12.13.1-r0

12.14.0-r0

12.14.1-r0

12.15.0-r0

12.15.0-r1

12.15.0-r2

12.16.2-r0

12.16.3-r0

12.16.3-r1

12.17.0-r0

12.18.0-r0

12.18.0-r1

12.18.0-r2

12.18.2-r0

12.18.3-r0

12.18.4-r0

12.19.0-r0

14.*

14.15.1-r0

14.15.3-r0

14.15.3-r1

14.15.3-r2

14.15.4-r0

14.15.5-r0

14.16.0-r0

14.16.0-r1

14.16.1-r0

14.16.1-r1

14.16.1-r2

14.17.0-r0

14.17.1-r0

14.17.2-r0

14.17.3-r0

14.17.4-r0

14.17.5-r0

14.17.6-r0

14.17.6-r1

14.18.0-r0

14.18.1-r0

14.18.1-r1

16.*

16.13.0-r0

16.13.1-r0

16.13.1-r1

16.13.2-r0

16.13.2-r1

16.14.2-r0

16.14.2-r1

16.15.0-r0

16.15.0-r1

16.16.0-r0

Alpine:v3.17 / nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.17.1-r0

Affected versions

4.*

4.4.3-r0

4.4.4-r0

4.4.5-r0

4.4.7-r0

4.5.0-r0

6.*

6.9.1-r0

6.9.1-r1

6.9.2-r0

6.9.4-r0

6.9.4-r1

6.9.5-r0

6.9.5-r1

6.10.0-r0

6.10.1-r0

6.10.3-r0

6.11.0-r0

6.11.1-r0

6.11.1-r1

6.11.1-r2

6.11.2-r0

6.11.3-r0

6.11.4-r0

6.11.5-r0

8.*

8.9.0-r0

8.9.1-r0

8.9.2-r0

8.9.3-r0

8.9.3-r1

8.9.4-r0

8.10.0-r0

8.11.0-r0

8.11.0-r1

8.11.1-r0

8.11.1-r1

8.11.1-r2

8.11.2-r0

8.11.3-r0

8.11.3-r1

8.11.3-r2

8.11.3-r3

8.11.4-r0

8.12.0-r0

10.*

10.13.0-r0

10.14.0-r0

10.14.1-r0

10.14.2-r0

10.15.1-r0

10.15.3-r0

10.16.0-r0

10.16.1-r0

10.16.2-r0

10.16.3-r0

12.*

12.13.0-r0

12.13.0-r1

12.13.1-r0

12.14.0-r0

12.14.1-r0

12.15.0-r0

12.15.0-r1

12.15.0-r2

12.16.2-r0

12.16.3-r0

12.16.3-r1

12.17.0-r0

12.18.0-r0

12.18.0-r1

12.18.0-r2

12.18.2-r0

12.18.3-r0

12.18.4-r0

12.19.0-r0

14.*

14.15.1-r0

14.15.3-r0

14.15.3-r1

14.15.3-r2

14.15.4-r0

14.15.5-r0

14.16.0-r0

14.16.0-r1

14.16.1-r0

14.16.1-r1

14.16.1-r2

14.17.0-r0

14.17.1-r0

14.17.2-r0

14.17.3-r0

14.17.4-r0

14.17.5-r0

14.17.6-r0

14.17.6-r1

14.18.0-r0

14.18.1-r0

14.18.1-r1

16.*

16.13.0-r0

16.13.1-r0

16.13.1-r1

16.13.2-r0

16.13.2-r1

16.14.2-r0

16.14.2-r1

16.15.0-r0

16.15.0-r1

16.16.0-r0

16.16.0-r1

16.17.0-r0

Alpine:v3.18 / nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.17.1-r0

Affected versions

4.*

4.4.3-r0

4.4.4-r0

4.4.5-r0

4.4.7-r0

4.5.0-r0

6.*

6.9.1-r0

6.9.1-r1

6.9.2-r0

6.9.4-r0

6.9.4-r1

6.9.5-r0

6.9.5-r1

6.10.0-r0

6.10.1-r0

6.10.3-r0

6.11.0-r0

6.11.1-r0

6.11.1-r1

6.11.1-r2

6.11.2-r0

6.11.3-r0

6.11.4-r0

6.11.5-r0

8.*

8.9.0-r0

8.9.1-r0

8.9.2-r0

8.9.3-r0

8.9.3-r1

8.9.4-r0

8.10.0-r0

8.11.0-r0

8.11.0-r1

8.11.1-r0

8.11.1-r1

8.11.1-r2

8.11.2-r0

8.11.3-r0

8.11.3-r1

8.11.3-r2

8.11.3-r3

8.11.4-r0

8.12.0-r0

10.*

10.13.0-r0

10.14.0-r0

10.14.1-r0

10.14.2-r0

10.15.1-r0

10.15.3-r0

10.16.0-r0

10.16.1-r0

10.16.2-r0

10.16.3-r0

12.*

12.13.0-r0

12.13.0-r1

12.13.1-r0

12.14.0-r0

12.14.1-r0

12.15.0-r0

12.15.0-r1

12.15.0-r2

12.16.2-r0

12.16.3-r0

12.16.3-r1

12.17.0-r0

12.18.0-r0

12.18.0-r1

12.18.0-r2

12.18.2-r0

12.18.3-r0

12.18.4-r0

12.19.0-r0

14.*

14.15.1-r0

14.15.3-r0

14.15.3-r1

14.15.3-r2

14.15.4-r0

14.15.5-r0

14.16.0-r0

14.16.0-r1

14.16.1-r0

14.16.1-r1

14.16.1-r2

14.17.0-r0

14.17.1-r0

14.17.2-r0

14.17.3-r0

14.17.4-r0

14.17.5-r0

14.17.6-r0

14.17.6-r1

14.18.0-r0

14.18.1-r0

14.18.1-r1

16.*

16.13.0-r0

16.13.1-r0

16.13.1-r1

16.13.2-r0

16.13.2-r1

16.14.2-r0

16.14.2-r1

16.15.0-r0

16.15.0-r1

16.16.0-r0

16.16.0-r1

16.17.0-r0

Alpine:v3.19 / nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.17.1-r0

Affected versions

4.*

4.4.3-r0

4.4.4-r0

4.4.5-r0

4.4.7-r0

4.5.0-r0

6.*

6.9.1-r0

6.9.1-r1

6.9.2-r0

6.9.4-r0

6.9.4-r1

6.9.5-r0

6.9.5-r1

6.10.0-r0

6.10.1-r0

6.10.3-r0

6.11.0-r0

6.11.1-r0

6.11.1-r1

6.11.1-r2

6.11.2-r0

6.11.3-r0

6.11.4-r0

6.11.5-r0

8.*

8.9.0-r0

8.9.1-r0

8.9.2-r0

8.9.3-r0

8.9.3-r1

8.9.4-r0

8.10.0-r0

8.11.0-r0

8.11.0-r1

8.11.1-r0

8.11.1-r1

8.11.1-r2

8.11.2-r0

8.11.3-r0

8.11.3-r1

8.11.3-r2

8.11.3-r3

8.11.4-r0

8.12.0-r0

10.*

10.13.0-r0

10.14.0-r0

10.14.1-r0

10.14.2-r0

10.15.1-r0

10.15.3-r0

10.16.0-r0

10.16.1-r0

10.16.2-r0

10.16.3-r0

12.*

12.13.0-r0

12.13.0-r1

12.13.1-r0

12.14.0-r0

12.14.1-r0

12.15.0-r0

12.15.0-r1

12.15.0-r2

12.16.2-r0

12.16.3-r0

12.16.3-r1

12.17.0-r0

12.18.0-r0

12.18.0-r1

12.18.0-r2

12.18.2-r0

12.18.3-r0

12.18.4-r0

12.19.0-r0

14.*

14.15.1-r0

14.15.3-r0

14.15.3-r1

14.15.3-r2

14.15.4-r0

14.15.5-r0

14.16.0-r0

14.16.0-r1

14.16.1-r0

14.16.1-r1

14.16.1-r2

14.17.0-r0

14.17.1-r0

14.17.2-r0

14.17.3-r0

14.17.4-r0

14.17.5-r0

14.17.6-r0

14.17.6-r1

14.18.0-r0

14.18.1-r0

14.18.1-r1

16.*

16.13.0-r0

16.13.1-r0

16.13.1-r1

16.13.2-r0

16.13.2-r1

16.14.2-r0

16.14.2-r1

16.15.0-r0

16.15.0-r1

16.16.0-r0

16.16.0-r1

16.17.0-r0

Alpine:v3.20 / nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.17.1-r0

Affected versions

4.*

4.4.3-r0

4.4.4-r0

4.4.5-r0

4.4.7-r0

4.5.0-r0

6.*

6.9.1-r0

6.9.1-r1

6.9.2-r0

6.9.4-r0

6.9.4-r1

6.9.5-r0

6.9.5-r1

6.10.0-r0

6.10.1-r0

6.10.3-r0

6.11.0-r0

6.11.1-r0

6.11.1-r1

6.11.1-r2

6.11.2-r0

6.11.3-r0

6.11.4-r0

6.11.5-r0

8.*

8.9.0-r0

8.9.1-r0

8.9.2-r0

8.9.3-r0

8.9.3-r1

8.9.4-r0

8.10.0-r0

8.11.0-r0

8.11.0-r1

8.11.1-r0

8.11.1-r1

8.11.1-r2

8.11.2-r0

8.11.3-r0

8.11.3-r1

8.11.3-r2

8.11.3-r3

8.11.4-r0

8.12.0-r0

10.*

10.13.0-r0

10.14.0-r0

10.14.1-r0

10.14.2-r0

10.15.1-r0

10.15.3-r0

10.16.0-r0

10.16.1-r0

10.16.2-r0

10.16.3-r0

12.*

12.13.0-r0

12.13.0-r1

12.13.1-r0

12.14.0-r0

12.14.1-r0

12.15.0-r0

12.15.0-r1

12.15.0-r2

12.16.2-r0

12.16.3-r0

12.16.3-r1

12.17.0-r0

12.18.0-r0

12.18.0-r1

12.18.0-r2

12.18.2-r0

12.18.3-r0

12.18.4-r0

12.19.0-r0

14.*

14.15.1-r0

14.15.3-r0

14.15.3-r1

14.15.3-r2

14.15.4-r0

14.15.5-r0

14.16.0-r0

14.16.0-r1

14.16.1-r0

14.16.1-r1

14.16.1-r2

14.17.0-r0

14.17.1-r0

14.17.2-r0

14.17.3-r0

14.17.4-r0

14.17.5-r0

14.17.6-r0

14.17.6-r1

14.18.0-r0

14.18.1-r0

14.18.1-r1

16.*

16.13.0-r0

16.13.1-r0

16.13.1-r1

16.13.2-r0

16.13.2-r1

16.14.2-r0

16.14.2-r1

16.15.0-r0

16.15.0-r1

16.16.0-r0

16.16.0-r1

16.17.0-r0

Debian:11 / nodejs

Package

Name: nodejs
Purl: pkg:deb/debian/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.22.12~dfsg-1~deb11u3

Affected versions

12.*

12.21.0~dfsg-5

12.22.4~dfsg-1

12.22.5~dfsg-1

12.22.5~dfsg-2~11u1

12.22.5~dfsg-2

12.22.5~dfsg-3

12.22.5~dfsg-4

12.22.5~dfsg-5

12.22.5~dfsg-6

12.22.5~dfsg-7

12.22.7~dfsg-1

12.22.7~dfsg-2

12.22.9~dfsg-1

12.22.10~dfsg-1

12.22.10~dfsg-2

12.22.12~dfsg-1~deb11u1

12.22.12~dfsg-1~deb11u2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / nodejs

Package

Name: nodejs
Purl: pkg:deb/debian/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.10.0+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / nodejs

Package

Name: nodejs
Purl: pkg:deb/debian/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.10.0+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/nodejs/node

Affected ranges

Type: GIT
Repo: https://github.com/nodejs/node
Events: Introduced

49a77a5a996a49e8cb728eed42e55a7c1a9eef6e

Fixed

df3ed1e89299e4c8f006fc20e22265a889c97919

Affected versions

v18.*

v18.0.0

v18.1.0

v18.2.0

v18.3.0

v18.4.0

v18.5.0

v18.6.0

v18.7.0

v18.8.0

v18.9.0