CVE-2023-30588

When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and, v20.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*

History

21 Jun 2024, 19:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240621-0006/ -

04 Dec 2023, 17:40

Type Values Removed Values Added
References () https://nodejs.org/en/blog/vulnerability/june-2023-security-releases - () https://nodejs.org/en/blog/vulnerability/june-2023-security-releases - Vendor Advisory
CPE cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CWE NVD-CWE-noinfo

28 Nov 2023, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-28 20:15

Updated : 2024-06-21 19:15


NVD link : CVE-2023-30588

Mitre link : CVE-2023-30588

CVE.ORG link : CVE-2023-30588


JSON object : View

Products Affected

nodejs

  • node.js