CVE-2019-15604
In short
Node.js versions 10, 12, and 13 do not properly validate X.509 certificates, allowing an attacker to send a specially crafted certificate that crashes the application.
Technical detail
A CWE-295 (Improper Certificate Validation) flaw in the Node.js certificate validation logic allows an unauthenticated remote attacker to trigger a process abort by sending a malformed X.509 certificate. Because the certificate's structure or integrity is not properly validated, the result is denial of service.
Summary generated and translated by AI from the official description.
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
Affected products
NodeJS · Node
References
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html
https://access.redhat.com/errata/RHSA-2020:0573
https://access.redhat.com/errata/RHSA-2020:0579
https://access.redhat.com/errata/RHSA-2020:0597
https://access.redhat.com/errata/RHSA-2020:0598
https://access.redhat.com/errata/RHSA-2020:0602
https://hackerone.com/reports/746733
https://nodejs.org/en/blog/release/v10.19.0/
https://nodejs.org/en/blog/release/v12.15.0/
https://nodejs.org/en/blog/release/v13.8.0/
https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/
https://security.gentoo.org/glsa/202003-48