UBUNTU-CVE-2022-32223

Source
https://ubuntu.com/security/CVE-2022-32223
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-32223.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2022-32223
Related
Published
2022-07-14T15:15:00Z
Modified
2022-07-14T15:15:00Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.Whenever the above conditions are present, node.exe will search for providers.dll in the current user directory.After that, node.exe will try to search for providers.dll by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file providers.dll under a variety of paths and exploit this vulnerability.

References

Affected packages

Ubuntu:Pro:14.04:LTS / nodejs

Package

Name
nodejs
Purl
pkg:deb/ubuntu/nodejs?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.10.25~dfsg2-2ubuntu1.2+esm1

Affected versions

0.*

0.10.15~dfsg1-4
0.10.21~dfsg1-1
0.10.22~dfsg1-2
0.10.23~dfsg1-1
0.10.23~dfsg1-2
0.10.23~dfsg1-3
0.10.24~dfsg1-1
0.10.25~dfsg2-2
0.10.25~dfsg2-2ubuntu1
0.10.25~dfsg2-2ubuntu1.2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.10.25~dfsg2-2ubuntu1.2+esm1",
            "binary_name": "nodejs"
        },
        {
            "binary_version": "0.10.25~dfsg2-2ubuntu1.2+esm1",
            "binary_name": "nodejs-dbg"
        },
        {
            "binary_version": "0.10.25~dfsg2-2ubuntu1.2+esm1",
            "binary_name": "nodejs-dbgsym"
        },
        {
            "binary_version": "0.10.25~dfsg2-2ubuntu1.2+esm1",
            "binary_name": "nodejs-dev"
        },
        {
            "binary_version": "0.10.25~dfsg2-2ubuntu1.2+esm1",
            "binary_name": "nodejs-dev-dbgsym"
        },
        {
            "binary_version": "0.10.25~dfsg2-2ubuntu1.2+esm1",
            "binary_name": "nodejs-legacy"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / nodejs

Package

Name
nodejs
Purl
pkg:deb/ubuntu/nodejs?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.2.6~dfsg-1ubuntu4.2+esm2

Affected versions

0.*

0.10.25~dfsg2-2ubuntu1

4.*

4.2.2~dfsg-1
4.2.3~dfsg-1
4.2.4~dfsg-1ubuntu1
4.2.4~dfsg-2
4.2.6~dfsg-1ubuntu1
4.2.6~dfsg-1ubuntu4
4.2.6~dfsg-1ubuntu4.1
4.2.6~dfsg-1ubuntu4.2
4.2.6~dfsg-1ubuntu4.2+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "4.2.6~dfsg-1ubuntu4.2+esm2",
            "binary_name": "nodejs"
        },
        {
            "binary_version": "4.2.6~dfsg-1ubuntu4.2+esm2",
            "binary_name": "nodejs-dbg"
        },
        {
            "binary_version": "4.2.6~dfsg-1ubuntu4.2+esm2",
            "binary_name": "nodejs-dbgsym"
        },
        {
            "binary_version": "4.2.6~dfsg-1ubuntu4.2+esm2",
            "binary_name": "nodejs-dev"
        },
        {
            "binary_version": "4.2.6~dfsg-1ubuntu4.2+esm2",
            "binary_name": "nodejs-dev-dbgsym"
        },
        {
            "binary_version": "4.2.6~dfsg-1ubuntu4.2+esm2",
            "binary_name": "nodejs-legacy"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / nodejs

Package

Name
nodejs
Purl
pkg:deb/ubuntu/nodejs?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.10.0~dfsg-2ubuntu0.4+esm3

Affected versions

6.*

6.11.4~dfsg-1ubuntu1
6.11.4~dfsg-1ubuntu2
6.12.0~dfsg-1ubuntu1
6.12.0~dfsg-2ubuntu1
6.12.0~dfsg-2ubuntu2

8.*

8.10.0~dfsg-2
8.10.0~dfsg-2ubuntu0.2
8.10.0~dfsg-2ubuntu0.3
8.10.0~dfsg-2ubuntu0.4
8.10.0~dfsg-2ubuntu0.4+esm1
8.10.0~dfsg-2ubuntu0.4+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "8.10.0~dfsg-2ubuntu0.4+esm3",
            "binary_name": "nodejs"
        },
        {
            "binary_version": "8.10.0~dfsg-2ubuntu0.4+esm3",
            "binary_name": "nodejs-dbgsym"
        },
        {
            "binary_version": "8.10.0~dfsg-2ubuntu0.4+esm3",
            "binary_name": "nodejs-dev"
        },
        {
            "binary_version": "8.10.0~dfsg-2ubuntu0.4+esm3",
            "binary_name": "nodejs-doc"
        }
    ]
}

Ubuntu:20.04:LTS / nodejs

Package

Name
nodejs
Purl
pkg:deb/ubuntu/nodejs?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.19.0~dfsg-3ubuntu1.2

Affected versions

10.*

10.15.2~dfsg-2ubuntu1
10.17.0~dfsg-2ubuntu4
10.17.0~dfsg-2ubuntu6
10.19.0~dfsg-3ubuntu1
10.19.0~dfsg-3ubuntu1.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "10.19.0~dfsg-3ubuntu1.2",
            "binary_name": "libnode-dev"
        },
        {
            "binary_version": "10.19.0~dfsg-3ubuntu1.2",
            "binary_name": "libnode64"
        },
        {
            "binary_version": "10.19.0~dfsg-3ubuntu1.2",
            "binary_name": "libnode64-dbgsym"
        },
        {
            "binary_version": "10.19.0~dfsg-3ubuntu1.2",
            "binary_name": "nodejs"
        },
        {
            "binary_version": "10.19.0~dfsg-3ubuntu1.2",
            "binary_name": "nodejs-dbgsym"
        },
        {
            "binary_version": "10.19.0~dfsg-3ubuntu1.2",
            "binary_name": "nodejs-doc"
        }
    ]
}

Ubuntu:22.04:LTS / nodejs

Package

Name
nodejs
Purl
pkg:deb/ubuntu/nodejs?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.22.9~dfsg-1ubuntu3.1

Affected versions

12.*

12.22.5~dfsg-5ubuntu1
12.22.7~dfsg-2ubuntu1
12.22.7~dfsg-2ubuntu3
12.22.9~dfsg-1ubuntu2
12.22.9~dfsg-1ubuntu3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3.1",
            "binary_name": "libnode-dev"
        },
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3.1",
            "binary_name": "libnode72"
        },
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3.1",
            "binary_name": "libnode72-dbgsym"
        },
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3.1",
            "binary_name": "nodejs"
        },
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3.1",
            "binary_name": "nodejs-dbgsym"
        },
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3.1",
            "binary_name": "nodejs-doc"
        }
    ]
}