Bug 6483 - [Anolis OS 8] Bugfix for CVE-2023-23919
Summary: [Anolis OS 8] Bugfix for CVE-2023-23919
Status: NEW
Alias: None
Product: Anolis OS 8
Classification: Anolis OS
Component: BaseOS Packages
Version: 8.6
Hardware: All Linux
Importance: P3-Medium S3-normal
Target Milestone: ---
Assignee: Jacob
QA Contact: shuming
URL:
Whiteboard:
Keywords: CVE
Depends on:
Blocks:
 
Reported: 2023-09-08 10:51 UTC by 小龙
Modified: 2023-09-08 10:51 UTC (History)
0 users

See Also:


Description 小龙 admin 2023-09-08 10:51:03 UTC
Description:
A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.

Broken commit info:

Bugfix commit info:
https://github.com/nodejs/node/commit/438812e14d3b2a705fb639b69e37c6cc4e7c8029