CVE-2023-30590

Published: 28/11/2023 Updated: 27/03/2024
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys; that is, it only generates a private key if none has been set yet. The function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call "Generates private and public Diffie-Hellman key values". The documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs. As DiffieHellman may be used as the basis for application-level security, the implications are consequently broad.

nodejs node.js

Vendor Advisories

Debian Bug report logs - #1039990 nodejs: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 Package: src:nodejs; Maintainer for src:nodejs is Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 30 Jun 2023 17:21:02 UTC ...
Synopsis: Moderate: nodejs:16 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Secu ...
Synopsis: Important: nodejs security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for nodejs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat P ...
Synopsis: Moderate: nodejs:18 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Secu ...
Synopsis: Moderate: nodejs security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for nodejs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated th ...
Synopsis: Important: nodejs:16 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.6 Extended Update ...
Description: This CVE is under investigation by Red Hat Product Security ...
Hitachi Ops Center Analyzer contains the following vulnerabilities: CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-30581, CVE-2023-30585, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590. Affected products and versions are listed below. Please upgrade your version to the appropriate versio ...