CVE-2023-30588
First published: Wed Jul 05 2023(Updated: )
Last updated 24 July 2024
Credit: support@hackerone.com support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cognos Dashboards on Cloud Pak for Data | <=4.7.0 | |
| debian/nodejs | 12.22.12~dfsg-1~deb11u4 12.22.12~dfsg-1~deb11u5 18.19.0+dfsg-6~deb12u2 18.19.0+dfsg-6~deb12u1 20.17.0+dfsg-2 | |
| Node.js | >=16.0.0<16.20.1 | |
| Node.js | >=18.0.0<18.16.1 | |
| Node.js | >=20.0.0<20.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nodejs.org/en/blog/vulnerability/june-2023-security-releases
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2220777
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2220775
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2220774
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2220776
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2220773
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2220772
- https://access.redhat.com/errata/RHSA-2023:4331
- https://access.redhat.com/errata/RHSA-2023:4330
- https://access.redhat.com/errata/RHSA-2023:4536
- https://access.redhat.com/errata/RHSA-2023:4537
- https://access.redhat.com/security/cve/cve-2023-30588
- https://access.redhat.com/errata/RHSA-2023:5361
- https://access.redhat.com/errata/RHSA-2023:5533
- https://bugzilla.redhat.com/show_bug.cgi?id=2219838
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://launchpad.net/bugs/cve/CVE-2023-30588
- https://exchange.xforce.ibmcloud.com/vulnerabilities/258623
- https://www.ibm.com/support/pages/node/7031207 (Advisory)
- https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#process-interuption-due-to-invalid-public-key-information-in-x509-certificates-medium-cve-2023-30588
- https://hackerone.com/reports/1884159
- https://github.com/nodejs/node/commit/5a92ea7a3b6210f04c902e177f9dc673ae866393
- https://security-tracker.debian.org/tracker/CVE-2023-30588
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30588
- https://nvd.nist.gov/vuln/detail/CVE-2023-30588
- https://ubuntu.com/security/CVE-2023-30588
Frequently Asked Questions
What is the vulnerability ID for this Node.js vulnerability?
The vulnerability ID for this Node.js vulnerability is CVE-2023-30588.
What is the title of this vulnerability?
The title of this vulnerability is 'Node.js is vulnerable to a denial of service caused by invalid public key information in x509 certificates.'
What is the severity of CVE-2023-30588?
The severity of CVE-2023-30588 is medium with a severity score of 5.3.
How does this vulnerability impact Node.js?
This vulnerability could be exploited by accessing public key info of provided certificates to force interruptions of application processing and cause a denial of service.
How can I fix this vulnerability?
To fix this vulnerability, update your Node.js installation to the latest version available.
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-30588
- agent/severity
- agent/author
- collector/launchpad-cve
- source/Launchpad
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- vendor/ibm
- canonical/ibm cognos dashboards on cloud pak for data
- version/ibm cognos dashboards on cloud pak for data/4.7.0
- package-manager/debian
- vendor/nodejs
- canonical/node.js
- version/node.js/16.0.0
- version/node.js/18.0.0
- version/node.js/20.0.0