Node.js@12.12.0 Security Vulnerabilities and Issues — Node.js@12.12.0 CVE List

NodejsNode.js12.12.0

7 matches found

CVE•added 2022/03/15 5:5 p.m.•1343 views

CVE-2022-0778

CVE-2022-0778 describes an infinite loop in BN_mod_sqrt() when parsing certain ASN.1 elliptic-curve parameters, enabling DoS during certificate or key processing. Affected OpenSSL versions include 1.0.2, 1.1.1, and 3.0 (specific ranges: 1.0.2 (1.0.2–1.0.2zc), 1.1.1 (1.1.1–1.1.1m), 3.0 (3.0.0–3.0....

7.5CVSS7.8AI score0.70561EPSS

In wildWeb

CVE•added 2020/12/08 3:30 p.m.•1173 views

CVE-2020-1971

CVE-2020-1971 is described across multiple connected sources as a NULL-dereference in OpenSSL’s GENERAL_NAME_cmp when EDIPARTYNAME is present, potentially enabling a denial-of-service crash. Affected OpenSSL versions include all 1.1.1 and 1.0.2 lines; fixes are published in OpenSSL 1.1.1i and Ope...

5.9CVSS5.7AI score0.06968EPSS

CVE•added 2020/06/03 12:0 a.m.•818 views

CVE-2020-11080

In nghttp2, CVE-2020-11080 is a denial-of-service vulnerability caused by an overly large HTTP/2 SETTINGS frame payload in versions before 1.41.0. A PoC repeatedly sends a 14,400-byte SETTINGS frame (2400 settings entries), spiking CPU. The issue is mitigated by upgrading to nghttp2 1.41.0 or lat...

7.5CVSS6.5AI score0.05316EPSS

CVE•added 2021/03/25 2:25 p.m.•802 views

CVE-2021-3449

CVE-2021-3449 affects OpenSSL 1.1.1.x where a TLSv1.2 server may crash (DoS) if it receives a renegotiation ClientHello that omits the signature_algorithms extension but includes signature_algorithms_cert. The issue is a NULL pointer dereference leading to a denial of service; OpenSSL clients are...

5.9CVSS6.7AI score0.63542EPSS

CVE•added 2021/02/16 4:55 p.m.•793 views

CVE-2021-23840

CVE-2021-23840 describes an integer-length overflow in EVP_CipherUpdate, EVP_EncryptUpdate, and EVP_DecryptUpdate that can cause a negative output length value when input length is near the platform’s integer limit. This can lead to application crashes or incorrect behavior. Affected OpenSSL rele...

7.5CVSS8AI score0.50732EPSS

CVE•added 2021/11/23 12:0 a.m.•530 views

CVE-2021-3672

CVE-2021-3672 affects the c-ares library. A missing input validation check for host names returned by DNS can lead to domain hijacking, impacting confidentiality, integrity, and availability. Connected documents confirm this across multiple vendors/distributions (Astra Linux, AlmaLinux, Red Hat a...

6.8CVSS5.9AI score0.02617EPSS

CVE•added 2021/08/16 12:0 a.m.•441 views

CVE-2021-22931

CVE-2021-22931 concerns Node.js DNS hostname handling. Public docs indicate vulnerability due to missing input validation of host names returned by DNS, which can cause domain hijacking and enable injection in applications using the DNS library. Affected software includes Node.js releases prior t...

9.8CVSS9.9AI score0.21952EPSS