CVE-2022-35255
nodejs: weak randomness in WebCrypto keygen
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.
Existe una aleatoriedad débil en la vulnerabilidad keygen de WebCrypto en Node.js 18 debido a un cambio con EntropySource() en SecretKeyGenTraits::DoKeyGen() en src/crypto/crypto_keygen.cc. Hay dos problemas con esto: 1) No verifica el valor de retorno, asume que EntropySource() siempre tiene éxito, pero puede (y a veces fallará). 2) Los datos aleatorios devueltos por EntropySource() pueden no ser criptográficamente sólidos y, por lo tanto, no son adecuados como material de claves.
A vulnerability was found in NodeJS due to weak randomness in the WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. Node.js made calls to EntropySource() in SecretKeyGenTraits::DoKeyGen(). However, it does not check the return value and assumes the EntropySource() always succeeds, but it can and sometimes will fail. This flaw allows a remote attacker to decrypt sensitive information.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-07-06 CVE Reserved
- 2022-10-18 CVE Published
- 2024-06-27 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf | Third Party Advisory | |
https://security.netapp.com/advisory/ntap-20230113-0002 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://hackerone.com/reports/1690000 | 2024-08-03 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.debian.org/security/2023/dsa-5326 | 2023-03-01 | |
https://access.redhat.com/security/cve/CVE-2022-35255 | 2022-11-08 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2130517 | 2022-11-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 15.0.0 <= 15.14.0 Search vendor "Nodejs" for product "Node.js" and version " >= 15.0.0 <= 15.14.0" | - |
Affected
| ||||||
Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 16.0.0 <= 16.12.0 Search vendor "Nodejs" for product "Node.js" and version " >= 16.0.0 <= 16.12.0" | - |
Affected
| ||||||
Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 16.13.0 < 16.17.1 Search vendor "Nodejs" for product "Node.js" and version " >= 16.13.0 < 16.17.1" | lts |
Affected
| ||||||
Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 18.0.0 < 18.9.1 Search vendor "Nodejs" for product "Node.js" and version " >= 18.0.0 < 18.9.1" | - |
Affected
| ||||||
Siemens Search vendor "Siemens" | Sinec Ins Search vendor "Siemens" for product "Sinec Ins" | < 1.0 Search vendor "Siemens" for product "Sinec Ins" and version " < 1.0" | - |
Affected
| ||||||
Siemens Search vendor "Siemens" | Sinec Ins Search vendor "Siemens" for product "Sinec Ins" | 1.0 Search vendor "Siemens" for product "Sinec Ins" and version "1.0" | - |
Affected
| ||||||
Siemens Search vendor "Siemens" | Sinec Ins Search vendor "Siemens" for product "Sinec Ins" | 1.0 Search vendor "Siemens" for product "Sinec Ins" and version "1.0" | sp1 |
Affected
| ||||||
Siemens Search vendor "Siemens" | Sinec Ins Search vendor "Siemens" for product "Sinec Ins" | 1.0 Search vendor "Siemens" for product "Sinec Ins" and version "1.0" | sp2 |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
|