Lucene search
HackeroneCVELIST:CVE-2023-46809HistorySep 07, 2024 - 4:03 p.m.
CVE-2023-46809
2024-09-0716:03:32
hackerone
www.cve.org
7
node.js
openssl
marvin attack
pkcs #1
rsa decryption
EPSS
0
Percentile
9.5%
Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.
CNA Affected
[
{
"defaultStatus": "unaffected",
"vendor": "Node",
"product": "https://github.com/nodejs/node",
"versions": [
{
"version": "21.6.0",
"status": "affected",
"lessThanOrEqual": "21.6.0",
"versionType": "semver"
},
{
"version": "20.11.0",
"status": "affected",
"lessThanOrEqual": "20.11.0",
"versionType": "semver"
},
{
"version": "18.19.0",
"status": "affected",
"lessThanOrEqual": "18.19.0",
"versionType": "semver"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2023-46809
2024-09-07 16:03:32
ubuntucve
ubuntucve
CVE-2023-46809
2024-02-19 00:00:00
nvd
nvd
CVE-2023-46809
2024-09-07 16:15:02
veracode
veracode
Timing Side Channel Attack
2024-02-21 19:07:23
osv
osv
CVE-2023-46809
2024-09-07 16:15:02
BIT-node-2023-46809
2024-09-11 07:20:44
Important: nodejs:18 security update
2024-03-27 04:34:32
hackerone
hackerone
redhatcve
redhatcve
CVE-2023-46809
2024-02-16 17:21:14
cve
cve
CVE-2023-46809
2024-09-07 16:15:02
debiancve
debiancve
CVE-2023-46809
2024-09-07 16:15:02
redos
redos
ROS-20240916-04
2024-09-16 00:00:00
almalinux
almalinux
Important: nodejs:18 security update
2024-03-25 00:00:00
Important: nodejs:18 security update
2024-03-26 00:00:00
Important: nodejs:20 security update
2024-04-08 00:00:00
redhat
redhat
(RHSA-2024:1880) Important: nodejs:18 security update
2024-04-18 00:58:51
(RHSA-2024:1932) Important: nodejs:18 security update
2024-04-22 00:56:14
(RHSA-2024:1503) Important: nodejs:18 security update
2024-03-25 19:54:22
ibm
ibm
rocky
rocky
nodejs:18 security update
2024-03-27 04:34:32
nodejs:18 security update
2024-03-27 04:35:34
nodejs:20 security update
2024-05-06 13:05:29
nessus
nessus
RHEL 8 : nodejs:18 (RHSA-2024:1510)
2024-03-26 00:00:00
Oracle Linux 9 : nodejs:18 (ELSA-2024-1503)
2024-03-26 00:00:00
Photon OS 3.0: Nodejs PHSA-2024-3.0-0738
2024-07-24 00:00:00
debian
debian
[SECURITY] [DLA 3776-1] nodejs security update
2024-03-27 00:40:58
oraclelinux
oraclelinux
nodejs:18 security update
2024-03-26 00:00:00
nodejs:18 security update
2024-03-26 00:00:00
nodejs:20 security update
2024-04-08 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3776-1)
2024-03-27 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0733-1)
2024-03-01 00:00:00
Mageia: Security Advisory (MGASA-2024-0046)
2024-02-23 00:00:00
f5
f5
mageia
mageia
Updated nodejs yarnpkg packages fix security vulnerabilities
2024-02-23 01:20:27
freebsd
freebsd
NodeJS -- Vulnerabilities
2024-02-14 00:00:00
nodejsblog
nodejsblog
Wednesday February 14 2024 Security Releases
2024-02-14 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2024-5.0-0213
2024-02-20 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0586
2024-03-29 00:00:00
Important Photon OS Security Update - PHSA-2024-3.0-0738
2024-03-19 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00