CVE-2023-46809

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-46809

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-46809.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-46809

Aliases

Downstream

BELL-CVE-2023-46809

DEBIAN-CVE-2023-46809

DLA-3776-1

DLA-3886-1

DSA-5991-1

ECHO-dba2-02dc-e131

OESA-2024-2171

OESA-2024-2172

OESA-2024-2173

OESA-2024-2175

RHSA-2024:1503

RHSA-2024:1510

RHSA-2024:1687

RHSA-2024:1688

RHSA-2024:1880

RHSA-2024:1932

RLSA-2024:1503

RLSA-2024:1688

SUSE-SU-2024:0643-1

SUSE-SU-2024:0644-1

SUSE-SU-2024:0728-1

SUSE-SU-2024:0729-1

SUSE-SU-2024:0730-1

SUSE-SU-2024:0731-1

SUSE-SU-2024:0732-1

SUSE-SU-2024:0733-1

UBUNTU-CVE-2023-46809

openSUSE-SU-2024:13697-1

openSUSE-SU-2024:13698-1

Related

Published

2024-09-07T16:15:02Z

Modified

2025-08-29T19:00:05Z

Summary

[none]

Details

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.

References

https://nodejs.org/en/blog/vulnerability/february-2024-security-releases

Affected packages