Lucene search
HackeroneVULNRICHMENT:CVE-2023-46809HistorySep 07, 2024 - 4:03 p.m.
CVE-2023-46809
2024-09-0716:03:32
hackerone
github.com
13
node.js
openssl
marvin attack
pkcs #1 v1.5 padding
rsa decryption
private key
Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:nodejs:nodejs:*:*:*:*:*:*:*:*"
],
"vendor": "nodejs",
"product": "nodejs",
"versions": [
{
"status": "affected",
"version": "18.0",
"versionType": "semver",
"lessThanOrEqual": "18.19.0"
},
{
"status": "affected",
"version": "20.0",
"versionType": "semver",
"lessThanOrEqual": "20.11.0"
},
{
"status": "affected",
"version": "21.0",
"versionType": "semver",
"lessThanOrEqual": "21.6.0"
}
],
"defaultStatus": "unaffected"
}
]Related
veracode
veracode
Timing Side Channel Attack
2024-02-21 19:07:23
nvd
nvd
CVE-2023-46809
2024-09-07 16:15:02
osv
osv
CVE-2023-46809
2024-09-07 16:15:02
BIT-node-2023-46809
2024-09-11 07:20:44
Important: nodejs:18 security update
2024-03-27 04:34:32
hackerone
hackerone
ubuntucve
ubuntucve
CVE-2023-46809
2024-02-19 00:00:00
redhatcve
redhatcve
CVE-2023-46809
2024-02-16 17:21:14
cvelist
cvelist
CVE-2023-46809
2024-09-07 16:03:32
cve
cve
CVE-2023-46809
2024-09-07 16:15:02
redos
redos
ROS-20240916-04
2024-09-16 00:00:00
debiancve
debiancve
CVE-2023-46809
2024-09-07 16:15:02
redhat
redhat
(RHSA-2024:1880) Important: nodejs:18 security update
2024-04-18 00:58:51
(RHSA-2024:1510) Important: nodejs:18 security update
2024-03-26 09:07:37
(RHSA-2024:1932) Important: nodejs:18 security update
2024-04-22 00:56:14
almalinux
almalinux
Important: nodejs:18 security update
2024-03-25 00:00:00
Important: nodejs:18 security update
2024-03-26 00:00:00
Important: nodejs:20 security update
2024-04-08 00:00:00
ibm
ibm
oraclelinux
oraclelinux
nodejs:18 security update
2024-03-26 00:00:00
nodejs:18 security update
2024-03-26 00:00:00
nodejs:20 security update
2024-04-08 00:00:00
nessus
nessus
Rocky Linux 8 : nodejs:18 (RLSA-2024:1510)
2024-03-27 00:00:00
Photon OS 3.0: Nodejs PHSA-2024-3.0-0738
2024-07-24 00:00:00
RHEL 8 : nodejs:18 (RHSA-2024:1510)
2024-03-26 00:00:00
rocky
rocky
nodejs:18 security update
2024-03-27 04:34:32
nodejs:18 security update
2024-03-27 04:35:34
nodejs:20 security update
2024-05-06 13:05:29
debian
debian
[SECURITY] [DLA 3776-1] nodejs security update
2024-03-27 00:40:58
f5
f5
openvas
openvas
Debian: Security Advisory (DLA-3776-1)
2024-03-27 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0733-1)
2024-03-01 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0732-1)
2024-03-01 00:00:00
mageia
mageia
Updated nodejs yarnpkg packages fix security vulnerabilities
2024-02-23 01:20:27
freebsd
freebsd
NodeJS -- Vulnerabilities
2024-02-14 00:00:00
nodejsblog
nodejsblog
Wednesday February 14 2024 Security Releases
2024-02-14 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2024-5.0-0213
2024-02-20 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0586
2024-03-29 00:00:00
Important Photon OS Security Update - PHSA-2024-3.0-0738
2024-03-19 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00
AI Score
6.4
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Related for VULNRICHMENT:CVE-2023-46809