UBUNTU-CVE-2016-7099

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2016-7099

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-7099.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-7099

Related

Published

2016-10-10T16:59:00Z

Modified

2016-10-10T16:59:00Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

References

Affected packages

Ubuntu:Pro:14.04:LTS / nodejs

Package

Name: nodejs
Purl: pkg:deb/ubuntu/nodejs@0.10.25~dfsg2-2ubuntu1.2+esm1?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10.25~dfsg2-2ubuntu1.2+esm1

Affected versions

0.*

0.10.15~dfsg1-4

0.10.21~dfsg1-1

0.10.22~dfsg1-2

0.10.23~dfsg1-1

0.10.23~dfsg1-2

0.10.23~dfsg1-3

0.10.24~dfsg1-1

0.10.25~dfsg2-2

0.10.25~dfsg2-2ubuntu1

0.10.25~dfsg2-2ubuntu1.2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "nodejs-dbg": "0.10.25~dfsg2-2ubuntu1.2+esm1",
            "nodejs-dev": "0.10.25~dfsg2-2ubuntu1.2+esm1",
            "nodejs-dev-dbgsym": "0.10.25~dfsg2-2ubuntu1.2+esm1",
            "nodejs": "0.10.25~dfsg2-2ubuntu1.2+esm1",
            "nodejs-legacy": "0.10.25~dfsg2-2ubuntu1.2+esm1",
            "nodejs-dbgsym": "0.10.25~dfsg2-2ubuntu1.2+esm1"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / nodejs

Package

Name: nodejs
Purl: pkg:deb/ubuntu/nodejs@4.2.6~dfsg-1ubuntu4.2+esm1?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.2.6~dfsg-1ubuntu4.2+esm1

Affected versions

0.*

0.10.25~dfsg2-2ubuntu1

4.*

4.2.2~dfsg-1

4.2.3~dfsg-1

4.2.4~dfsg-1ubuntu1

4.2.4~dfsg-2

4.2.6~dfsg-1ubuntu1

4.2.6~dfsg-1ubuntu4

4.2.6~dfsg-1ubuntu4.1

4.2.6~dfsg-1ubuntu4.2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "nodejs-dbg": "4.2.6~dfsg-1ubuntu4.2+esm1",
            "nodejs-dev": "4.2.6~dfsg-1ubuntu4.2+esm1",
            "nodejs-dev-dbgsym": "4.2.6~dfsg-1ubuntu4.2+esm1",
            "nodejs": "4.2.6~dfsg-1ubuntu4.2+esm1",
            "nodejs-legacy": "4.2.6~dfsg-1ubuntu4.2+esm1",
            "nodejs-dbgsym": "4.2.6~dfsg-1ubuntu4.2+esm1"
        }
    ]
}

Ubuntu:18.04:LTS / nodejs

Package

Name: nodejs
Purl: pkg:deb/ubuntu/nodejs@8.10.0~dfsg-2?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.10.0~dfsg-2

Affected versions

6.*

6.11.4~dfsg-1ubuntu1

6.11.4~dfsg-1ubuntu2

6.12.0~dfsg-1ubuntu1

6.12.0~dfsg-2ubuntu1

6.12.0~dfsg-2ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "nodejs-dev": "8.10.0~dfsg-2",
            "nodejs-doc": "8.10.0~dfsg-2",
            "nodejs": "8.10.0~dfsg-2",
            "nodejs-dbgsym": "8.10.0~dfsg-2"
        }
    ]
}