What is the vulnerability ID for this Node.js vulnerability?

The vulnerability ID for this Node.js vulnerability is CVE-2023-30588.

What is the severity of CVE-2023-30588?

The severity of CVE-2023-30588 is medium with a severity score of 5.3.

How does this vulnerability impact Node.js?

This vulnerability could be exploited by accessing public key info of provided certificates to force interruptions of application processing and cause a denial of service.

How can I fix this vulnerability?

To fix this vulnerability, update your Node.js installation to the latest version available.

Vulnerability/
CVE-2023-30588

medium

5.3

5/7/2023

28/11/2023

26/2/2024

CVE-2023-30588

Q: What is the title of this vulnerability?

The title of this vulnerability is 'Node.js is vulnerable to a denial of service caused by invalid public key information in x509 certificates.'

First published: Wed Jul 05 2023(Updated: )

Node.js is vulnerable to a denial of service, caused by invalid public key information in x509 certificates. By accessing public key info of provided certificates from user code, an attacker could exploit this vulnerability to force interruptions of application processing and cause a denial of service.

Credit: support@hackerone.com support@hackerone.com

Affected Software	Affected Version	How to fix
Nodejs Node.js	>=16.0.0<16.20.1
Nodejs Node.js	>=18.0.0<18.16.1
Nodejs Node.js	>=20.0.0<20.3.1
IBM Cognos Analytics	<=12.0.0-12.0.1
IBM Cognos Analytics	<=11.2.0-11.2.4 FP2
IBM Cognos Analytics	<=11.1.1-11.1.7 FP7
ubuntu/nodejs	<18.13.0+dfsg1-1ubuntu2.2	18.13.0+dfsg1-1ubuntu2.2
debian/nodejs	<=18.13.0+dfsg1-1	10.24.0~dfsg-1~deb10u1 10.24.0~dfsg-1~deb10u4 12.22.12~dfsg-1~deb11u4 18.19.0+dfsg-6~deb12u1 18.20.1+dfsg-4 20.13.1+dfsg-1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the vulnerability ID for this Node.js vulnerability?
The vulnerability ID for this Node.js vulnerability is CVE-2023-30588.
What is the title of this vulnerability?
The title of this vulnerability is 'Node.js is vulnerable to a denial of service caused by invalid public key information in x509 certificates.'
What is the severity of CVE-2023-30588?
The severity of CVE-2023-30588 is medium with a severity score of 5.3.
How does this vulnerability impact Node.js?
This vulnerability could be exploited by accessing public key info of provided certificates to force interruptions of application processing and cause a denial of service.
How can I fix this vulnerability?
To fix this vulnerability, update your Node.js installation to the latest version available.

collector/mitre-cve
collector/nvd-api
agent/type
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-30588
agent/severity
agent/author
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/last-modified-date
collector/usn-cve
source/Ubuntu
agent/references
agent/softwarecombine
agent/tags
agent/description
agent/event
collector/launchpad-cve
source/Launchpad
collector/security-tracker-debian
source/Debian
collector/nvd-cve
source/NVD
vendor/nodejs
canonical/nodejs node.js
version/nodejs node.js/16.0.0
version/nodejs node.js/18.0.0
version/nodejs node.js/20.0.0
vendor/ibm
canonical/ibm cognos analytics
version/ibm cognos analytics/12.0.0-12.0.1
version/ibm cognos analytics/11.2.0-11.2.4 fp2
version/ibm cognos analytics/11.1.1-11.1.7 fp7
package-manager/ubuntu
package-manager/debian

CVE-2023-30588

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is the vulnerability ID for this Node.js vulnerability?

What is the title of this vulnerability?

What is the severity of CVE-2023-30588?

How does this vulnerability impact Node.js?

How can I fix this vulnerability?

Company

Resources

Contact