First published: Thu Jul 14 2022(Updated: )
Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability.
Credit: support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
Nodejs Node.js | >=14.0.0<=14.14.0 | |
Nodejs Node.js | >=14.14.0<14.20.0 | |
Nodejs Node.js | >=16.0.0<=16.12.0 | |
Nodejs Node.js | >=16.13.0<16.16.0 | |
Nodejs Node.js | >=18.0.0<18.0.5 | |
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-32223 is a vulnerability in Node.js that allows hijacking the execution flow through DLL hijacking on Windows platforms.
The severity of CVE-2022-32223 is high, with a CVSS score of 7.3.
CVE-2022-32223 can be exploited if the victim has specific dependencies on a Windows machine, including having OpenSSL installed and a particular file path present.
Node.js versions 14.0.0 to 14.14.0 (inclusive), versions 14.14.0 to 14.20.0 (exclusive) with LTS tag, versions 16.0.0 to 16.12.0 (inclusive), versions 16.13.0 to 16.16.0 (exclusive) with LTS tag, and versions 18.0.0 to 18.0.5 (exclusive) are affected by CVE-2022-32223.
Users should upgrade their Node.js installations to the patched versions mentioned in the security advisories.