Medium: nodejs20

🗓️ 21 Mar 2024 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 5 Views

c-ares vulnerability in nodejs20 can cause crashes; update to version 1.27.0 to fix it.

Reporter	Title	Published	Views	Family All 262
FreeBSD	dns/c-ares -- malformatted file causes application crash	23 Feb 202400:00	–	freebsd
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities	4 Feb 202520:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities	18 Sep 202410:14	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Observability with Instana (OnPrem) has addressed multiple vulnerabilities	17 Sep 202513:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DataPower Gateway vulnerable to a denial of service due to C-Ares	4 Dec 202513:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates	3 Jun 202410:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to Buffer Under-read in the RHEL UBI (CVE-2024-25629)	5 Aug 202420:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities	12 Aug 202422:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to C-ares (CVE-2024-25629)	9 May 202412:34	–	ibm
Tenable Nessus	Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2024-562)	21 Mar 202400:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	nodejs20-libs-debuginfo	20.11.1-1.amzn2023.0.2	nodejs20-libs-debuginfo-20.11.1-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	aarch64	nodejs20-full-i18n	20.11.1-1.amzn2023.0.2	nodejs20-full-i18n-20.11.1-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	aarch64	nodejs20-devel	20.11.1-1.amzn2023.0.2	nodejs20-devel-20.11.1-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	aarch64	v8-11.3-devel	11.3.244.8-1.20.11.1.1.amzn2023.0.2	v8-11.3-devel-11.3.244.8-1.20.11.1.1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	aarch64	nodejs20	20.11.1-1.amzn2023.0.2	nodejs20-20.11.1-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	aarch64	nodejs20-debuginfo	20.11.1-1.amzn2023.0.2	nodejs20-debuginfo-20.11.1-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	aarch64	nodejs20-libs	20.11.1-1.amzn2023.0.2	nodejs20-libs-20.11.1-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	aarch64	nodejs20-npm	10.2.4-1.20.11.1.1.amzn2023.0.2	nodejs20-npm-10.2.4-1.20.11.1.1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	aarch64	nodejs20-debugsource	20.11.1-1.amzn2023.0.2	nodejs20-debugsource-20.11.1-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	noarch	nodejs20-docs	20.11.1-1.amzn2023.0.2	nodejs20-docs-20.11.1-1.amzn2023.0.2.noarch.rpm

21 Mar 2024 00:00Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.14.4 - 5.5

EPSS0.00055

SSVC

c-ares vulnerability nodejs20 crash update