UBUNTU-CVE-2021-44532

Source
https://ubuntu.com/security/CVE-2021-44532
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-44532.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2021-44532
Published
2022-02-24T19:15:00Z
Modified
2025-06-03T08:41:46Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
[none]
Details

Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints. Versions of Node.js that include the fix escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.

Affected packages

Ubuntu:22.04:LTS / nodejs

Package

Name
nodejs
Purl
pkg:deb/ubuntu/nodejs@12.22.9~dfsg-1ubuntu3.6?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

12.*

12.22.5~dfsg-5ubuntu1
12.22.7~dfsg-2ubuntu1
12.22.7~dfsg-2ubuntu3
12.22.9~dfsg-1ubuntu2
12.22.9~dfsg-1ubuntu3
12.22.9~dfsg-1ubuntu3.1
12.22.9~dfsg-1ubuntu3.2
12.22.9~dfsg-1ubuntu3.3
12.22.9~dfsg-1ubuntu3.4
12.22.9~dfsg-1ubuntu3.5
12.22.9~dfsg-1ubuntu3.6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / nodejs

Package

Name
nodejs
Purl
pkg:deb/ubuntu/nodejs@20.16.0+dfsg-1ubuntu1?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20.16.0+dfsg-1ubuntu1

Affected versions

18.*

18.19.1+dfsg-6ubuntu5
18.20.1+dfsg-4ubuntu4

20.*

20.13.1+dfsg-2ubuntu6
20.14.0+dfsg-1ubuntu1
20.14.0+dfsg-2ubuntu1
20.14.0+dfsg-3ubuntu1
20.15.0+dfsg-1ubuntu3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "20.16.0+dfsg-1ubuntu1",
            "binary_name": "libnode-dev"
        },
        {
            "binary_version": "20.16.0+dfsg-1ubuntu1",
            "binary_name": "libnode115"
        },
        {
            "binary_version": "20.16.0+dfsg-1ubuntu1",
            "binary_name": "libnode115-dbgsym"
        },
        {
            "binary_version": "20.16.0+dfsg-1ubuntu1",
            "binary_name": "nodejs"
        },
        {
            "binary_version": "20.16.0+dfsg-1ubuntu1",
            "binary_name": "nodejs-dbgsym"
        },
        {
            "binary_version": "20.16.0+dfsg-1ubuntu1",
            "binary_name": "nodejs-doc"
        }
    ]
}

Ubuntu:24.04:LTS / nodejs

Package

Name
nodejs
Purl
pkg:deb/ubuntu/nodejs@18.19.1+dfsg-6ubuntu5?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
18.19.1+dfsg-6ubuntu5

Affected versions

18.*

18.13.0+dfsg1-1ubuntu2
18.19.1+dfsg-2ubuntu4
18.19.1+dfsg-6ubuntu1
18.19.1+dfsg-6ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "18.19.1+dfsg-6ubuntu5",
            "binary_name": "libnode-dev"
        },
        {
            "binary_version": "18.19.1+dfsg-6ubuntu5",
            "binary_name": "libnode109"
        },
        {
            "binary_version": "18.19.1+dfsg-6ubuntu5",
            "binary_name": "libnode109-dbgsym"
        },
        {
            "binary_version": "18.19.1+dfsg-6ubuntu5",
            "binary_name": "nodejs"
        },
        {
            "binary_version": "18.19.1+dfsg-6ubuntu5",
            "binary_name": "nodejs-dbgsym"
        },
        {
            "binary_version": "18.19.1+dfsg-6ubuntu5",
            "binary_name": "nodejs-doc"
        }
    ]
}

Ubuntu:25.04 / nodejs

Package

Name
nodejs
Purl
pkg:deb/ubuntu/nodejs@20.18.1+dfsg-1ubuntu2?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20.18.1+dfsg-1ubuntu2

Affected versions

20.*

20.16.0+dfsg-1ubuntu1
20.17.0+dfsg-2ubuntu1
20.18.0+dfsg-2
20.18.1+dfsg-1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "20.18.1+dfsg-1ubuntu2",
            "binary_name": "libnode-dev"
        },
        {
            "binary_version": "20.18.1+dfsg-1ubuntu2",
            "binary_name": "libnode115"
        },
        {
            "binary_version": "20.18.1+dfsg-1ubuntu2",
            "binary_name": "libnode115-dbgsym"
        },
        {
            "binary_version": "20.18.1+dfsg-1ubuntu2",
            "binary_name": "nodejs"
        },
        {
            "binary_version": "20.18.1+dfsg-1ubuntu2",
            "binary_name": "nodejs-dbgsym"
        },
        {
            "binary_version": "20.18.1+dfsg-1ubuntu2",
            "binary_name": "nodejs-doc"
        }
    ]
}