When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and, v20.

CPENameOperatorVersion
node.jsge20.0.0
node.jslt20.3.1
node.jsge18.0.0
node.jslt18.16.1
node.jsge16.0.0
node.jslt16.20.1

Name	Operator	Version
node.js	ge	20.0.0
node.js	lt	20.3.1
node.js	ge	18.0.0
node.js	lt	18.16.1
node.js	ge	16.0.0
node.js	lt	16.20.1

References

nodejs.org/en/blog/vulnerability/june-2023-security-releases

nvd 1

cgr 1

redhatcve 1

debiancve 1

osv 10

ubuntucve 1

veracode 1

cvelist 1

wolfi 1

cve 1

hackerone 1

ubuntu 1

nessus 40

openvas 10

oraclelinux 4

almalinux 4

redhat 6

rocky 2

ibm 15

fedora 4

nodejsblog 1

mageia 1

debian 1

photon 2

gentoo 1

ics 1

oracle 1

nvd

CVE-2023-30588

2023-11-28 20:15:07

cgr

CVE-2023-30588 vulnerabilities

2024-05-19 03:07:16

redhatcve

CVE-2023-30588

2023-07-05 15:18:43

debiancve

CVE-2023-30588

2023-11-28 20:15:07

osv

CVE-2023-30588

2023-11-28 20:15:07

BIT-node-2023-30588

2024-03-06 11:01:05

nodejs vulnerabilities

2024-04-16 11:31:52

ubuntucve

CVE-2023-30588

2023-11-28 00:00:00

veracode

Denial Of Service (DoS)

2023-11-29 05:49:59

cvelist

CVE-2023-30588

2023-11-28 19:15:19

wolfi

CVE-2023-30588 vulnerabilities

2024-07-03 09:08:38

cve

CVE-2023-30588

2023-11-28 20:15:07

hackerone

Node.js: node.js process aborts when processing x509 certs with invalid public key information

2023-02-23 02:30:33

ubuntu

Node.js vulnerabilities

2024-04-16 00:00:00

nessus

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : Node.js vulnerabilities (USN-6735-1)

2024-04-16 00:00:00

RHEL 8 : nodejs:16 (RHSA-2023:4537)

2023-08-08 00:00:00

RHEL 9 : nodejs:18 (RHSA-2023:4330)

2023-07-31 00:00:00

openvas

Ubuntu: Security Advisory (USN-6735-1)

2024-04-17 00:00:00

Fedora: Security Advisory for nodejs18 (FEDORA-2023-cdddce304a)

2023-07-23 00:00:00

Fedora: Security Advisory for nodejs16 (FEDORA-2023-608a1417d3)

2023-07-23 00:00:00

oraclelinux

nodejs security, bug fix, and enhancement update

2023-08-02 00:00:00

nodejs:18 security, bug fix, and enhancement update

2023-08-10 00:00:00

nodejs:16 security, bug fix, and enhancement update

2023-08-10 00:00:00

almalinux

Moderate: nodejs:18 security, bug fix, and enhancement update

2023-08-08 00:00:00

Moderate: nodejs:16 security, bug fix, and enhancement update

2023-08-08 00:00:00

Moderate: nodejs:18 security, bug fix, and enhancement update

2023-07-31 00:00:00

redhat

(RHSA-2023:4330) Moderate: nodejs:18 security, bug fix, and enhancement update

2023-07-31 08:54:02

(RHSA-2023:4331) Moderate: nodejs security, bug fix, and enhancement update

2023-07-31 08:55:53

(RHSA-2023:4536) Moderate: nodejs:18 security, bug fix, and enhancement update

2023-08-08 07:21:44

rocky

nodejs:16 security, bug fix, and enhancement update

2023-08-08 12:34:39

nodejs:18 security, bug fix, and enhancement update

2023-10-06 23:10:12

ibm

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to several vulnerabilities in Node.js due to [CVE-2023-30581] [CVE-2023-30588] [CVE-2023-30589] [CVE-2023-30590]

2023-09-07 15:11:40

Security Bulletin: IBM DataPower Gateway vulnerable to multiple issues in Node.js

2023-10-13 12:54:24

Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Node.js

2023-08-01 09:43:58

fedora

[SECURITY] Fedora 38 Update: nodejs16-16.20.1-1.fc38

2023-07-21 02:27:10

[SECURITY] Fedora 37 Update: nodejs18-18.16.1-1.fc37

2023-07-19 04:21:14

[SECURITY] Fedora 37 Update: nodejs16-16.20.1-1.fc37

2023-07-21 01:26:42

nodejsblog

Tuesday June 20 2023 Security Releases

2023-06-20 00:00:00

mageia

Updated nodejs packages fix security vulnerability

2023-07-07 08:54:45

debian

[SECURITY] [DSA 5589-1] nodejs security update

2023-12-27 22:12:40

photon

Critical Photon OS Security Update - PHSA-2023-3.0-0606

2023-07-02 00:00:00

Important Photon OS Security Update - PHSA-2023-5.0-0041

2023-06-29 00:00:00

gentoo

Node.js: Multiple Vulnerabilities

2024-05-08 00:00:00

ics

Siemens SINEC NMS

2024-02-15 12:00:00

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.3%

JSON

Related for PRION:CVE-2023-30588