CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
97.9%
Updates are now available for all active Node.js release lines. These include the recently published versions of OpenSSL 1.0.1 and 1.0.2 as well as fixes for some Node.js-specific security-related defects.
The OpenSSL security fixes included in these updates that impact Node.js are:
Details on each of these can be found in the original post below.
Additionally, OpenSSL 1.0.2j was released yesterday and included a fix for CVE-2016-7052. This flaw was introduced in last week’s 1.0.2i release, and therefore does not directly impact Node.js.
Also included, are a number of fixes unrelated to the recent OpenSSL releases.
This is a high severity defect that would allow a malicious TLS server to serve an invalid wildcard certificate for its hostname and be improperly validated by a Node.js client. This is due to a flaw in the validation of *.
in the wildcard name string.
Originally reported by Alexander Minozhenko and James Bunton (Atlassian).
All versions of Node.js are affected.
reason
argument in ServerResponse#writeHead()
not properly validatedThis is a low severity security defect that may make HTTP response splitting possible under certain circumstances. If user-input is passed to the reason
argument to writeHead()
on an HTTP response, a new-line character may be used to inject additional responses.
The fix for this defect introduces a new case where throw
may occur when configuring HTTP responses. Users should already be adopting try/catch here.
This was originally reported independently by Evan Lucas and Romain Gaucher.
All versions of Node.js are affected.
This is a low severity security defect. By default, OpenSSL will load a list of third-party engine modules when the ENGINE_load_builtin_engines()
function is used. These are normally not present on a user’s system. An attacker may be able to make Node.js load malicious code by masquerading it as one of the dynamic engine modules.
This defect primarily impacts Windows due to the standard DLL search paths. However, Unix users may also be at risk with a poorly configured LD_LIBRARY_PATH
environment variable or /etc/ld.so.conf path list.
Originally reported by Ahmed Zaki (Skype).
Please note that this may be the final release of the v0.10 line as support ends in October. Please upgrade to v4 or above if you have not already done so.
Original post is included below
The Node.js project has scheduled updates for all of its active release lines to patch a number of security flaws. These flaws include some of those announced by the OpenSSL project as well as a number of Node.js-specific issues. We do not consider any of these updates to be critical. However, it is strongly recommended that all production instances of Node.js be upgraded when the releases are made available.
We intend to make releases available on or soon after the evening of Tuesday, the 27th of September, 2016, UTC (midday US time).
We consider some of the patches in these releases to be API breaking changes which would normally warrant an increase in the major-version number of Node.js. However, in accordance with our security procedures, we will be delivering these changes in minor-version increases (the y in x.y.z) where appropriate, and patch-version increases in v0.10 an v0.12 releases.
These are the expected version numbers for the releases:
Additional notes:
Included in these releases will be a number of fixes unrelated to the recent OpenSSL releases. These include:
Full disclosure of fixed vulnerabilities will be provided after all releases are made available for download.
The OpenSSL project has announced the general availability of versions 1.0.2i (to be included in Node.js v4 and above) and 1.0.1u (to be included in Node.js v0.10 and v0.12). Our crypto team (Shigeki Ohtsu, Fedor Indutny, and Ben Noordhuis) have performed an analysis of the defects addressed in the OpenSSL releases to determine their impact on Node.js. The results of this analysis are included below.
A malicious client can exhaust a server’s memory, resulting in a denial of service (DoS) by sending very large OCSP Status Request extensions in a single session.
This flaw is labelled high severity due to the ease of use for a DoS attack and Node.js servers using TLS are vulnerable.
Assessment: All versions of Node.js areaffected by this vulnerability.
OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek()
if the peer sends an empty record.
Node.js is not yet dependent on OpenSSL 1.1.0 so it is not impacted by this flaw.
Assessment: All versions of Node.js are believed to beunaffected by this vulnerability.
SWEET32 is a new attack on older block cipher algorithms that use a block size of 64 bits.
As mitigation, OpenSSL has moved DES-based ciphers from the HIGH
to MEDIUM
group. As Node.js includes HIGH
, but not MEDIUM
, in its default suite, affected ciphers are no longer included unless the default suite is not used. Node’s default TLS cipher suite can be found in the API documentation.
Assessment: All versions of Node.js areaffected by this vulnerability.
An overflow can occur in MDC2_Update()
under certain circumstances resulting in an out of bounds (OOB) error. This attack is impractical on most platforms due to the size of data required to trigger the OOB error.
Node.js is impacted by this flaw but due to the impracticalities of exploiting it and the very low usage of MDC-2, it is very low severity for Node.js users.
Assessment: All versions of Node.js areaffected by this vulnerability.
If a server uses SHA512 for TLS session ticket HMAC, it is vulnerable to a denial of service (DoS) attack via crash upon receiving a malformed ticket.
Node.js does not use SHA512 for session tickets and is therefore not impacted by this flaw.
Assessment: All versions of Node.js are believed to beunaffected by this vulnerability.
An out of bounds (OOB) write can occur in BN_bn2dec()
if an application uses this function with an overly large BIGNUM
. TLS is not affected because record limits will reject an oversized certificate before it is parsed.
Assessment: All versions of Node.js are believed to beunaffected by this vulnerability.
An out of bounds (OOB) read can occur when large OIDs are presented via TS_OBJ_print_bio()
.
Node.js does not make use of the Time Stamp Authority functionality in OpenSSL and is therefore believed to be unaffected by this flaw.
Assessment: All versions of Node.js are believed to beunaffected by this vulnerability.
This programming flaw is described in the post at <https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/>.
It is unlikely that Node.js users are directly impacted by this.
Assessment: All versions of Node.js are believed to beunaffected by this vulnerability.
A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.
This is very low severity for Node.js users due to the difficulty in taking advantage of this attack and because DSA is very rarely used.
Assessment: All versions of Node.js areaffected by this vulnerability.
In a DTLS connection where handshake messages are delivered out-of-order, those messages that OpenSSL is not yet ready to process will be buffered for later use. This can be exploited to cause a denial of service (DoS) via memory exhaustion.
As Node.js does not support DTLS, users are not impacted by this flaw.
Assessment: All versions of Node.js are believed to beunaffected by this vulnerability.
A flaw in the DTLS replay attack protection mechanism that would allow an attacker to force a server to drop legitimate packets for a DTLS connection, resulting in a denial of service (DoS) for that connection.
As Node.js does not support DTLS, users are not impacted by this flaw.
Assessment: All versions of Node.js are believed to beunaffected by this vulnerability.
Some missing message length checks can result in out of bounds (OOB) reads of up to 2 bytes beyond an allocated buffer. There is a theoretical denial of service (DoS) risk. This only impacts a client or a server which enables client authentication.
Node.js is impacted by this low severity flaw.
Assessment: All versions of Node.js areaffected by this vulnerability.
Excessive allocation of memory in OpenSSL 1.1.0 can be achieved by manipulating the length component of a TLS header.
Node.js is not yet dependent on OpenSSL 1.1.0 so it is not impacted by this flaw.
Assessment: All versions of Node.js are believed to beunaffected by this vulnerability.
A flaw that is similar to CVE-2016-6307 but impacting DTLS.
Node.js is not yet dependent on OpenSSL 1.1.0, nor does it implement DTLS, so it is not impacted by this flaw.
Assessment: All versions of Node.js are believed to beunaffected by this vulnerability.
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
97.9%