Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.1
CVSSv3

CVE-2022-35255

Published: 05/12/2022 Updated: 01/03/2023
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Node.js

Vulnerability Summary

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

nodejs node.js

siemens sinec ins 1.0

siemens sinec ins

debian debian linux 11.0

Vendor Advisories

Red Hat: Important: nodejs:18 security update
Synopsis Important: nodejs:18 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this upda ...
Red Hat: Important: nodejs security update
Synopsis Important: nodejs security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for nodejs is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a se ...
Red Hat: Important: nodejs:16 security update
Synopsis Important: nodejs:16 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this upda ...
Debian Security Advisories: DSA-5326-1 nodejs -- security update
Multiple vulnerabilities were discovered in Nodejs, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup For the stable distribution (bullseye), these problems have been fixed in version 122212~dfsg-1~deb11u3 We recommend that you upgrade your nodejs packages For the detailed security st ...
Red Hat:
Description<!----> This CVE is under investigation by Red Hat Product Security ...
Amazon Linux 2022: ALAS-2023-286
ALAS-2023-286 Amazon Linux 2022 Security Advisory: ALAS-2023-286 Advisory Release Date: 2023-01-31 21:11 Pacific Advisory Updated Date: 2023-01-31 21:11 Pac ...

ICS Advisories

Siemens SINEC INS

References

CWE-338https://hackerone.com/reports/1690000https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdfhttps://security.netapp.com/advisory/ntap-20230113-0002/https://www.debian.org/security/2023/dsa-5326https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2022:7821https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-03https://www.debian.org/security/2023/dsa-5326
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028memory leaklog injectionCVE-2024-3400CVE-2022-48695CVE-2022-48675CVE-2024-34487CVE-2024-33792spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook