What is the vulnerability ID for this advisory?

The vulnerability ID for this advisory is USN-6457-1.

What is the severity level of this vulnerability?

The severity level of this vulnerability is not specified in the advisory.

What software is affected by this vulnerability?

The affected software includes libnode-dev, libnode72, nodejs, and nodejs-doc.

What is the remedy for this vulnerability?

The recommended remedy for this vulnerability is to update to version 12.22.9~dfsg-1ubuntu3.1.

Where can I find more information about this vulnerability?

You can find more information about this vulnerability on the Ubuntu Security Notices website.

Vulnerability/
USN-6457-1

30/10/2023

USN-6457-1: Node.js vulnerabilities

First published: Mon Oct 30 2023(Updated: )

Tavis Ormandy discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-0778) Elison Niven discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2022-1292) Chancen and Daniel Fiala discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2022-2068) Alex Chernyakhovsky discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2022-2097)

Affected Software	Affected Version	How to fix
All of
ubuntu/libnode-dev	<12.22.9~dfsg-1ubuntu3.1	12.22.9~dfsg-1ubuntu3.1
	=22.04
All of
ubuntu/libnode72	<12.22.9~dfsg-1ubuntu3.1	12.22.9~dfsg-1ubuntu3.1
	=22.04
All of
ubuntu/nodejs	<12.22.9~dfsg-1ubuntu3.1	12.22.9~dfsg-1ubuntu3.1
	=22.04
All of
ubuntu/nodejs-doc	<12.22.9~dfsg-1ubuntu3.1	12.22.9~dfsg-1ubuntu3.1
	=22.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID for this advisory?
The vulnerability ID for this advisory is USN-6457-1.
What is the severity level of this vulnerability?
The severity level of this vulnerability is not specified in the advisory.
What software is affected by this vulnerability?
The affected software includes libnode-dev, libnode72, nodejs, and nodejs-doc.
What is the remedy for this vulnerability?
The recommended remedy for this vulnerability is to update to version 12.22.9~dfsg-1ubuntu3.1.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the Ubuntu Security Notices website.

agent/severity
agent/type
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
agent/title
agent/description
agent/event
agent/references
agent/tags
collector/usn
source/Ubuntu
anchor-related/USN-5328-1
anchor-related/USN-5328-2
anchor-related/USN-5402-1
anchor-related/USN-5402-2
anchor-related/USN-7018-1
anchor-related/USN-7060-1
anchor-related/USN-5502-1
anchor-related/USN-5488-1
anchor-related/USN-5488-2
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/22.04