Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-15604

Опубликовано: 07 фев. 2020
Источник: redhat
CVSS3: 5.9

Описание

Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate

An encoding error flaw exists in the Node.js code that is used to read a peer certificate in the TLS client authentication. An attacker can use this flaw to crash the process used to handle TLS client authentication.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Quay 3nodejsNot affected
Red Hat Enterprise Linux 8nodejsFixedRHSA-2020:057925.02.2020
Red Hat Enterprise Linux 8nodejsFixedRHSA-2020:059825.02.2020
Red Hat Enterprise Linux 8.0 Update Services for SAP SolutionsnodejsFixedRHSA-2020:057324.02.2020
Red Hat Software Collections for Red Hat Enterprise Linux 7rh-nodejs10-nodejsFixedRHSA-2020:059725.02.2020
Red Hat Software Collections for Red Hat Enterprise Linux 7rh-nodejs12-nodejsFixedRHSA-2020:060225.02.2020
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUSrh-nodejs10-nodejsFixedRHSA-2020:059725.02.2020
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUSrh-nodejs12-nodejsFixedRHSA-2020:060225.02.2020
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUSrh-nodejs10-nodejsFixedRHSA-2020:059725.02.2020
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUSrh-nodejs12-nodejsFixedRHSA-2020:060225.02.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-172
https://bugzilla.redhat.com/show_bug.cgi?id=1800367nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string

5.9 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-15604

CVSS3: 7.5
ubuntu
больше 5 лет назад

Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate

nvd логотип

CVE-2019-15604

CVSS3: 7.5
nvd
больше 5 лет назад

Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate

debian логотип

CVE-2019-15604

CVSS3: 7.5
debian
больше 5 лет назад

Improper Certificate Validation in Node.js 10, 12, and 13 causes the p ...

github логотип

GHSA-4p8g-wmmc-p9f7

CVSS3: 7.5
github
около 3 лет назад

Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate

suse-cvrf логотип

openSUSE-SU-2020:0293-1

suse-cvrf
больше 5 лет назад

Security update for nodejs8

5.9 Medium

CVSS3