CVE-2022-35255 – nodejs: weak randomness in WebCrypto keygen
https://notcve.org/view.php?id=CVE-2022-35255
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material. Existe una aleatoriedad débil en la vulnerabilidad keygen de WebCrypto en Node.js 18 debido a un cambio con EntropySource() en SecretKeyGenTraits::DoKeyGen() en src/crypto/crypto_keygen.cc. Hay dos problemas con esto: 1) No verifica el valor de retorno, asume que EntropySource() siempre tiene éxito, pero puede (y a veces fallará). 2) Los datos aleatorios devueltos por EntropySource() pueden no ser criptográficamente sólidos y, por lo tanto, no son adecuados como material de claves. A vulnerability was found in NodeJS due to weak randomness in the WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. • https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf https://hackerone.com/reports/1690000 https://security.netapp.com/advisory/ntap-20230113-0002 https://www.debian.org/security/2023/dsa-5326 https://access.redhat.com/security/cve/CVE-2022-35255 https://bugzilla.redhat.com/show_bug.cgi?id=2130517 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVE-2022-35256 – nodejs: HTTP Request Smuggling due to incorrect parsing of header fields
https://notcve.org/view.php?id=CVE-2022-35256
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling. El analizador llhttp en el módulo http en Node v18.7.0 no maneja correctamente los campos de encabezado que no terminan con CLRF. Esto puede resultar en tráfico ilegal de solicitudes HTTP. A vulnerability was found in NodeJS due to improper validation of HTTP requests. • https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf https://hackerone.com/reports/1675191 https://www.debian.org/security/2023/dsa-5326 https://access.redhat.com/security/cve/CVE-2022-35256 https://bugzilla.redhat.com/show_bug.cgi?id=2130518 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2022-32223
https://notcve.org/view.php?id=CVE-2022-32223
Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability. Node.js es vulnerable a un Flujo de Ejecución de Secuestro: Secuestro de DLL bajo determinadas condiciones en plataformas Windows. Esta vulnerabilidad puede ser explotada si la víctima presenta las siguientes dependencias en una máquina Windows:* OpenSSL ha sido instalada y "C:\Program Files\Common Files\SSL\openssl.cnf" se presenta. Siempre que sean dadas las condiciones anteriores, "node.exe" buscará "providers.dll" en el directorio actual del usuario. Después, "node.exe" intentará buscar "providers.dll" mediante el orden de búsqueda de DLL en Windows. • https://hackerone.com/reports/1447455 https://nodejs.org/en/blog/vulnerability/july-2022-security-releases https://security.netapp.com/advisory/ntap-20220915-0001 • CWE-427: Uncontrolled Search Path Element •
CVE-2022-32214 – nodejs: HTTP request smuggling due to improper delimiting of header fields
https://notcve.org/view.php?id=CVE-2022-32214
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). El parser llhttp anteriores a la versión v14.20.1, anteriores a la versión v16.17.1 y anteriores a la versión v18.9.1 del módulo http en Node.js no utiliza estrictamente la secuencia CRLF para delimitar las peticiones HTTP. Esto puede llevar a un contrabando de peticiones HTTP (HRS) A vulnerability was found in NodeJS due to the llhttp parser in the http module not strictly using the CRLF sequence to delimit HTTP requests. This issue can lead to HTTP Request Smuggling (HRS). • https://hackerone.com/reports/1524692 https://nodejs.org/en/blog/vulnerability/july-2022-security-releases https://www.debian.org/security/2023/dsa-5326 https://access.redhat.com/security/cve/CVE-2022-32214 https://bugzilla.redhat.com/show_bug.cgi?id=2105428 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2022-32215 – nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding
https://notcve.org/view.php?id=CVE-2022-32215
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). El parser llhttp anteriores a la versión v14.20.1, anteriores a la versión v16.17.1 y anteriores a la versión v18.9.1 del módulo http en Node.js no maneja correctamente las cabeceras Transfer-Encoding de varias líneas. Esto puede llevar al contrabando de solicitudes HTTP (HRS) A vulnerability was found in NodeJS due to the llhttp parser in the HTTP module incorrectly handling multi-line Transfer-Encoding headers. This issue can lead to HTTP Request Smuggling (HRS). • https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf https://hackerone.com/reports/1501679 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY https://nodejs.org/en/blog/vulnerability/july-2022-security-releases • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •