A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.

References

bugzilla.redhat.com/show_bug.cgi?id=2140911

nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548

nvd.nist.gov/vuln/detail/CVE-2022-43548

www.cve.org/CVERecord?id=CVE-2022-43548

openvas 15

nessus 45

ibm 20

cbl_mariner 2

mageia 1

veracode 1

altlinux 1

hackerone 1

oraclelinux 5

almalinux 5

rocky 5

f5 1

cvelist 1

osv 15

cve 1

ubuntucve 1

nvd 1

prion 1

debiancve 1

alpinelinux 1

debian 2

redhat 8

nodejsblog 1

ubuntu 1

photon 2

gentoo 1

oracle 3

openvas

SUSE: Security Advisory (SUSE-SU-2022:4255-1)

2022-11-29 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:4254-1)

2022-11-29 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:4301-1)

2022-12-02 00:00:00

nessus

Oracle MySQL Cluster (Apr 2023 CPU)

2023-04-20 00:00:00

SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2022:4301-1)

2022-12-02 00:00:00

RHEL 9 : nodejs:18 (RHSA-2022:8832)

2022-12-06 00:00:00

ibm

Security Bulletin: IBM Db2® Graph is vulnerable to remote execution of arbitrary commands due to Node.js CVE-2022-43548

2023-04-17 16:30:49

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js command execution vulnerability (CVE-2022-43548)

2023-02-03 16:21:43

Security Bulletin: Vulnerability in Node.js affects IBM Voice Gateway

2023-02-02 22:08:02

cbl_mariner

CVE-2022-43548 affecting package nodejs 14.20.1-2

2022-12-27 17:55:50

CVE-2022-43548 affecting package nodejs for versions less than 16.18.1-2

2022-12-19 20:12:43

mageia

Updated nodejs packages fix security vulnerability

2022-11-13 05:25:20

veracode

Arbitrary Code Execution

2022-11-06 14:52:02

altlinux

Security fix for the ALT Linux 10 package node version 16.18.1-alt1

2023-03-18 00:00:00

hackerone

Node.js: DNS rebinding in --inspect via invalid octal IP address

2022-09-23 19:28:01

oraclelinux

nodejs:18 security, bug fix, and enhancement update

2022-12-09 00:00:00

nodejs:18 security, bug fix, and enhancement update

2022-12-08 00:00:00

nodejs and nodejs-nodemon security, bug fix, and enhancement update

2023-01-24 00:00:00

almalinux

Moderate: nodejs:18 security, bug fix, and enhancement update

2022-12-06 00:00:00

Moderate: nodejs:18 security, bug fix, and enhancement update

2022-12-06 00:00:00

Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update

2023-01-23 00:00:00

rocky

nodejs:18 security, bug fix, and enhancement update

2022-12-06 15:25:25

nodejs:18 security, bug fix, and enhancement update

2022-12-06 15:25:28

nodejs and nodejs-nodemon security, bug fix, and enhancement update

2023-01-23 14:30:11

K000133494 : Node.js vulnerability CVE-2022-43548

2023-04-12 00:00:00

cvelist

CVE-2022-43548

2022-12-05 00:00:00

osv

BIT-node-2022-43548

2024-03-06 11:02:30

nodejs - security update

2023-02-26 00:00:00

Moderate: nodejs:18 security, bug fix, and enhancement update

2022-12-06 15:25:28

cve

CVE-2022-43548

2022-12-05 22:15:10

ubuntucve

CVE-2022-43548

2022-12-05 00:00:00

nvd

CVE-2022-43548

2022-12-05 22:15:10

prion

Command injection

2022-12-05 22:15:00

debiancve

CVE-2022-43548

2022-12-05 22:15:10

alpinelinux

CVE-2022-43548

2022-12-05 22:15:10

debian

[SECURITY] [DLA 3344-1] nodejs security update

2023-02-26 01:17:34

[SECURITY] [DSA 5326-1] nodejs security update

2023-01-24 20:01:20

redhat

(RHSA-2022:8832) Moderate: nodejs:18 security, bug fix, and enhancement update

2022-12-06 15:25:25

(RHSA-2022:8833) Moderate: nodejs:18 security, bug fix, and enhancement update

2022-12-06 15:25:28

(RHSA-2023:0321) Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update

2023-01-23 14:30:11

nodejsblog

Nov 3 2022 Security Releases

2022-11-01 00:00:00

ubuntu

Node.js vulnerabilities

2023-11-21 00:00:00

photon

Critical Photon OS Security Update - PHSA-2023-5.0-0011

2023-05-24 00:00:00

Important Photon OS Security Update - PHSA-2022-3.0-0504

2022-12-17 00:00:00

gentoo

Node.js: Multiple Vulnerabilities

2024-05-08 00:00:00

oracle

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.005 Low

EPSS

Percentile

77.0%

JSON

Related for RH:CVE-2022-43548