First published: Tue Sep 19 2023(Updated: )
Rogier Schouten discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-15604) Ethan Rubinson discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-15605) Alyssa Wilk discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-15606) Tobias Niessen discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-8174) It was discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-8265, CVE-2020-8287)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/libnode-dev | <10.19.0~dfsg-3ubuntu1.1 | 10.19.0~dfsg-3ubuntu1.1 |
Ubuntu Ubuntu | =20.04 | |
All of | ||
ubuntu/libnode64 | <10.19.0~dfsg-3ubuntu1.1 | 10.19.0~dfsg-3ubuntu1.1 |
Ubuntu Ubuntu | =20.04 | |
All of | ||
ubuntu/nodejs | <10.19.0~dfsg-3ubuntu1.1 | 10.19.0~dfsg-3ubuntu1.1 |
Ubuntu Ubuntu | =20.04 | |
All of | ||
ubuntu/nodejs | <8.10.0~dfsg-2ubuntu0.4+esm2 | 8.10.0~dfsg-2ubuntu0.4+esm2 |
Ubuntu Ubuntu | =18.04 | |
All of | ||
ubuntu/nodejs-dev | <8.10.0~dfsg-2ubuntu0.4+esm2 | 8.10.0~dfsg-2ubuntu0.4+esm2 |
Ubuntu Ubuntu | =18.04 | |
All of | ||
ubuntu/nodejs | <4.2.6~dfsg-1ubuntu4.2+esm2 | 4.2.6~dfsg-1ubuntu4.2+esm2 |
Ubuntu Ubuntu | =16.04 | |
All of | ||
ubuntu/nodejs-dev | <4.2.6~dfsg-1ubuntu4.2+esm2 | 4.2.6~dfsg-1ubuntu4.2+esm2 |
Ubuntu Ubuntu | =16.04 | |
All of | ||
ubuntu/nodejs-legacy | <4.2.6~dfsg-1ubuntu4.2+esm2 | 4.2.6~dfsg-1ubuntu4.2+esm2 |
Ubuntu Ubuntu | =16.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)
The vulnerability ID of this Node.js vulnerability is USN-6380-1.
The severity of the Node.js vulnerability is not specified.
The Node.js vulnerability affects Ubuntu 16.04 LTS and can be exploited by tricking a user or an automated system into opening a specially crafted input file, potentially causing a denial of service.
The Node.js vulnerability affects Ubuntu 18.04 and can be exploited by tricking a user or an automated system into opening a specially crafted input file, potentially causing a denial of service.
The Node.js vulnerability affects Ubuntu 20.04 and can be exploited by tricking a user or an automated system into opening a specially crafted input file, potentially causing a denial of service.
To fix the Node.js vulnerability in Ubuntu 16.04 LTS, update the libnode-dev, nodejs, nodejs-dev, nodejs-legacy packages to version 10.19.0~dfsg-3ubuntu1.1 or later.
To fix the Node.js vulnerability in Ubuntu 18.04, update the nodejs, nodejs-dev packages to version 8.10.0~dfsg-2ubuntu0.4+esm2 or later.
To fix the Node.js vulnerability in Ubuntu 20.04, update the libnode-dev, nodejs packages to version 10.19.0~dfsg-3ubuntu1.1 or later.
More information about this Node.js vulnerability can be found at the following links: [CVE-2019-15604](https://ubuntu.com/security/CVE-2019-15604), [CVE-2019-15606](https://ubuntu.com/security/CVE-2019-15606), [CVE-2020-8265](https://ubuntu.com/security/CVE-2020-8265).