CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2023-23936 – CRLF Injection in Nodejs ‘undici’ via host
https://notcve.org/view.php?id=CVE-2023-23936
Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici. A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. • https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034 https://github.com/nodejs/undici/releases/tag/v5.19.1 https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff https://hackerone.com/reports/1820955 https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-43548 – nodejs: DNS rebinding in inspect via invalid octal IP address
https://notcve.org/view.php?id=CVE-2022-43548
A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix. Existe una vulnerabilidad de inyección de comandos del Sistema Operativo en las versiones de Node.js <14.21.1, <16.18.1, <18.12.1, <19.0.1 debido a una verificación insuficiente de IsAllowedHost que se puede omitir fácilmente porque IsIPAddress no lo hace correctamente. verifique si una dirección IP no es válida antes de realizar solicitudes de DBS que permitan volver a vincular ataques. La solución para este problema en https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 estaba incompleta y esto El nuevo CVE es para completar la solución. • https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html https://nodejs.org/en/blog/vulnerability/november-2022-security-releases https://security.netapp.com/advisory/ntap-20230120-0004 https://security.netapp.com/advisory/ntap-20230427-0007 https://www.debian.org/security/2023/dsa-5326 https://access.redhat.com/security/cve/CVE-2022-43548 https://bugzilla.redhat.com/show_bug.cgi?id=2140911 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action •
CVSS: 7.5EPSS: 10%CPEs: 9EXPL: 4CVE-2022-3602 – X.509 Email Address 4-byte Buffer Overflow
https://notcve.org/view.php?id=CVE-2022-3602
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. • https://github.com/colmmacc/CVE-2022-3602 https://github.com/eatscrayon/CVE-2022-3602-poc https://github.com/corelight/CVE-2022-3602 https://github.com/cybersecurityworks553/CVE-2022-3602-and-CVE-2022-3786 http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html http://www.openwall.com/lists/oss-security/2022/11/01/15 http://www.openwall.com/lists/oss-security/2022/11/01/16 http://www.openwall.com/lists/oss-security/2022/11/01/17 http://www&# • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-3786 – X.509 Email Address Variable Length Buffer Overflow
https://notcve.org/view.php?id=CVE-2022-3786
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. • https://github.com/cybersecurityworks553/CVE-2022-3602-and-CVE-2022-3786 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a https://www.openssl.org/news/secadv/20221101.txt https://access.redhat.com/security/cve/CVE-2022-3786 https://bugzilla.redhat.com/show_bug.cgi?id=2139104 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-193: Off-by-one Error •
CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 1CVE-2022-35255 – nodejs: weak randomness in WebCrypto keygen
https://notcve.org/view.php?id=CVE-2022-35255
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material. Existe una aleatoriedad débil en la vulnerabilidad keygen de WebCrypto en Node.js 18 debido a un cambio con EntropySource() en SecretKeyGenTraits::DoKeyGen() en src/crypto/crypto_keygen.cc. Hay dos problemas con esto: 1) No verifica el valor de retorno, asume que EntropySource() siempre tiene éxito, pero puede (y a veces fallará). 2) Los datos aleatorios devueltos por EntropySource() pueden no ser criptográficamente sólidos y, por lo tanto, no son adecuados como material de claves. A vulnerability was found in NodeJS due to weak randomness in the WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. • https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf https://hackerone.com/reports/1690000 https://security.netapp.com/advisory/ntap-20230113-0002 https://www.debian.org/security/2023/dsa-5326 https://access.redhat.com/security/cve/CVE-2022-35255 https://bugzilla.redhat.com/show_bug.cgi?id=2130517 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •