Lucene search
Redhat.comRH:CVE-2023-46809HistoryFeb 16, 2024 - 5:21 p.m.
CVE-2023-46809
2024-02-1617:21:14
redhat.com
access.redhat.com
35
node.js
crypto library
timing side-channel
pkcs#1 v1.5 padding
decryption
rsa ciphertexts
signature forging
api endpoints
json web encryption
6.4 Medium
AI Score
Confidence
Low
A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Related
ubuntucve
ubuntucve
CVE-2023-46809
2024-02-19 00:00:00
hackerone
hackerone
veracode
veracode
Timing Side Channel Attack
2024-02-21 19:07:23
debiancve
debiancve
CVE-2023-46809
2024-02-15 04:18:13
almalinux
almalinux
Important: nodejs:18 security update
2024-03-25 00:00:00
Important: nodejs:18 security update
2024-03-26 00:00:00
Important: nodejs:20 security update
2024-04-08 00:00:00
redhat
redhat
(RHSA-2024:1880) Important: nodejs:18 security update
2024-04-18 00:58:51
(RHSA-2024:1510) Important: nodejs:18 security update
2024-03-26 09:07:37
(RHSA-2024:1932) Important: nodejs:18 security update
2024-04-22 00:56:14
ibm
ibm
nessus
nessus
RHEL 8 : nodejs:18 (RHSA-2024:1510)
2024-03-26 00:00:00
Oracle Linux 9 : nodejs:18 (ELSA-2024-1503)
2024-03-26 00:00:00
Rocky Linux 9 : nodejs:18 (RLSA-2024:1503)
2024-03-27 00:00:00
debian
debian
[SECURITY] [DLA 3776-1] nodejs security update
2024-03-27 00:41:25
osv
osv
Important: nodejs:18 security update
2024-03-27 04:34:32
Important: nodejs:18 security update
2024-03-26 00:00:00
Important: nodejs:18 security update
2024-03-25 00:00:00
rocky
rocky
nodejs:18 security update
2024-03-27 04:34:32
nodejs:18 security update
2024-03-27 04:35:34
nodejs:20 security update
2024-05-06 13:05:29
f5
f5
oraclelinux
oraclelinux
nodejs:18 security update
2024-03-26 00:00:00
nodejs:18 security update
2024-03-26 00:00:00
nodejs:20 security update
2024-04-08 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3776-1)
2024-03-27 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0733-1)
2024-03-01 00:00:00
Mageia: Security Advisory (MGASA-2024-0046)
2024-02-23 00:00:00
mageia
mageia
Updated nodejs yarnpkg packages fix security vulnerabilities
2024-02-23 01:20:27
freebsd
freebsd
NodeJS -- Vulnerabilities
2024-02-14 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2024-5.0-0213
2024-02-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00