Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.
References
Configurations
No configuration.
History
09 Sep 2024, 18:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-385 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.4 |
09 Sep 2024, 13:03
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
07 Sep 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-07 16:15
Updated : 2024-09-09 18:35
NVD link : CVE-2023-46809
Mitre link : CVE-2023-46809
CVE.ORG link : CVE-2023-46809
JSON object : View
Products Affected
No product.
CWE
CWE-385
Covert Timing Channel