- Vulnerability/
- USN-6380-1
USN-6380-1: Node.js vulnerabilities
First published: Tue Sep 19 2023(Updated: )
Rogier Schouten discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-15604) Ethan Rubinson discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-15605) Alyssa Wilk discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-15606) Tobias Niessen discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-8174) It was discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-8265, CVE-2020-8287)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libnode-dev | <10.19.0~dfsg-3ubuntu1.1 | 10.19.0~dfsg-3ubuntu1.1 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/libnode64 | <10.19.0~dfsg-3ubuntu1.1 | 10.19.0~dfsg-3ubuntu1.1 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/nodejs | <10.19.0~dfsg-3ubuntu1.1 | 10.19.0~dfsg-3ubuntu1.1 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/nodejs | <8.10.0~dfsg-2ubuntu0.4+esm2 | 8.10.0~dfsg-2ubuntu0.4+esm2 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/nodejs-dev | <8.10.0~dfsg-2ubuntu0.4+esm2 | 8.10.0~dfsg-2ubuntu0.4+esm2 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/nodejs | <4.2.6~dfsg-1ubuntu4.2+esm2 | 4.2.6~dfsg-1ubuntu4.2+esm2 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/nodejs-dev | <4.2.6~dfsg-1ubuntu4.2+esm2 | 4.2.6~dfsg-1ubuntu4.2+esm2 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/nodejs-legacy | <4.2.6~dfsg-1ubuntu4.2+esm2 | 4.2.6~dfsg-1ubuntu4.2+esm2 |
| Ubuntu Ubuntu | =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2019-15604
- https://ubuntu.com/security/CVE-2019-15606
- https://ubuntu.com/security/CVE-2020-8265
- https://ubuntu.com/security/CVE-2019-15605
- https://ubuntu.com/security/CVE-2020-8287
- https://ubuntu.com/security/CVE-2020-8174
- https://ubuntu.com/security/notices/USN-5563-1
- https://launchpad.net/ubuntu/+source/nodejs/10.19.0~dfsg-3ubuntu1.1
- https://ubuntu.com/security/notices/USN-6380-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID of this Node.js vulnerability?
The vulnerability ID of this Node.js vulnerability is USN-6380-1.
What is the severity of the Node.js vulnerability?
The severity of the Node.js vulnerability is not specified.
How does the Node.js vulnerability affect Ubuntu 16.04 LTS?
The Node.js vulnerability affects Ubuntu 16.04 LTS and can be exploited by tricking a user or an automated system into opening a specially crafted input file, potentially causing a denial of service.
How does the Node.js vulnerability affect Ubuntu 18.04?
The Node.js vulnerability affects Ubuntu 18.04 and can be exploited by tricking a user or an automated system into opening a specially crafted input file, potentially causing a denial of service.
How does the Node.js vulnerability affect Ubuntu 20.04?
The Node.js vulnerability affects Ubuntu 20.04 and can be exploited by tricking a user or an automated system into opening a specially crafted input file, potentially causing a denial of service.
How do I fix the Node.js vulnerability in Ubuntu 16.04 LTS?
To fix the Node.js vulnerability in Ubuntu 16.04 LTS, update the libnode-dev, nodejs, nodejs-dev, nodejs-legacy packages to version 10.19.0~dfsg-3ubuntu1.1 or later.
How do I fix the Node.js vulnerability in Ubuntu 18.04?
To fix the Node.js vulnerability in Ubuntu 18.04, update the nodejs, nodejs-dev packages to version 8.10.0~dfsg-2ubuntu0.4+esm2 or later.
How do I fix the Node.js vulnerability in Ubuntu 20.04?
To fix the Node.js vulnerability in Ubuntu 20.04, update the libnode-dev, nodejs packages to version 10.19.0~dfsg-3ubuntu1.1 or later.
Where can I find more information about this Node.js vulnerability?
More information about this Node.js vulnerability can be found at the following links: [CVE-2019-15604](https://ubuntu.com/security/CVE-2019-15604), [CVE-2019-15606](https://ubuntu.com/security/CVE-2019-15606), [CVE-2020-8265](https://ubuntu.com/security/CVE-2020-8265).
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-5563-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/20.04
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04