7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
28.4%
A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1,
<16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error
stack after operations that may set it. This may lead to false positive
errors during subsequent cryptographic operations that happen to be on the
same thread. This in turn could be used to cause a denial of service.
github.com/nodejs/node/commit/438812e14d3b2a705fb639b69e37c6cc4e7c8029
hackerone.com/reports/1808596
launchpad.net/bugs/cve/CVE-2023-23919
nodejs.org/en/blog/vulnerability/february-2023-security-releases/
nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-openssl-error-handling-issues-in-nodejs-crypto-library-medium-cve-2023-23919
nvd.nist.gov/vuln/detail/CVE-2023-23919
security-tracker.debian.org/tracker/CVE-2023-23919
ubuntu.com/security/notices/USN-6672-1
www.cve.org/CVERecord?id=CVE-2023-23919
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
28.4%