Morgan Jones discovered that Node.js incorrectly handled certain inputs that leads to false positive errors during some cryptographic operations. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. (CVE-2023-23919)
It was discovered that Node.js incorrectly handled certain inputs leaded to a untrusted search path vulnerability. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a privilege escalation. (CVE-2023-23920)
Matt Caswell discovered that Node.js incorrectly handled certain inputs with specially crafted ASN.1 object identifiers or data containing them. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-2650)
{ "availability": "No subscription required", "binaries": [ { "libnode64-dbgsym": "10.19.0~dfsg-3ubuntu1.5", "libnode64": "10.19.0~dfsg-3ubuntu1.5", "nodejs-doc": "10.19.0~dfsg-3ubuntu1.5", "nodejs": "10.19.0~dfsg-3ubuntu1.5", "libnode-dev": "10.19.0~dfsg-3ubuntu1.5", "nodejs-dbgsym": "10.19.0~dfsg-3ubuntu1.5" } ] }
{ "availability": "No subscription required", "binaries": [ { "nodejs-doc": "12.22.9~dfsg-1ubuntu3.4", "libnode72": "12.22.9~dfsg-1ubuntu3.4", "nodejs": "12.22.9~dfsg-1ubuntu3.4", "libnode-dev": "12.22.9~dfsg-1ubuntu3.4", "libnode72-dbgsym": "12.22.9~dfsg-1ubuntu3.4", "nodejs-dbgsym": "12.22.9~dfsg-1ubuntu3.4" } ] }
{ "availability": "No subscription required", "binaries": [ { "libnode108": "18.13.0+dfsg1-1ubuntu2.1", "libnode108-dbgsym": "18.13.0+dfsg1-1ubuntu2.1", "nodejs": "18.13.0+dfsg1-1ubuntu2.1", "libnode-dev": "18.13.0+dfsg1-1ubuntu2.1", "nodejs-doc": "18.13.0+dfsg1-1ubuntu2.1", "nodejs-dbgsym": "18.13.0+dfsg1-1ubuntu2.1" } ] }