Vulnerability BDU:2022-00758: Information

Description

Уязвимость реализации способа указания всех доменных имен и IP-адресов Subject Alternative Names программной платформы Node.js, позволяющая нарушителю проводить спуфинг-атаки

Severity: HIGH (7.4) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

URL: https://bdu.fstec.ru/vul/2022-00758
Published: Dec. 31, 2021
Modified: Dec. 31, 2021
Error type identifier: CWE-295

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
MySQLsisyphus8.0.29-alt18.0.37-alt1.1ALT-PU-2022-2156-1299826Fixed
MySQLsisyphus_e2k8.0.29-alt18.0.37-alt1.1ALT-PU-2022-5632-1-Fixed
MySQLsisyphus_riscv648.0.30-alt0.1.rv648.0.37-alt0.portALT-PU-2022-5950-1-Fixed
MySQLp108.0.29-alt18.0.36-alt1ALT-PU-2022-2171-1302902Fixed
MySQLp10_e2k8.0.29-alt18.0.36-alt1ALT-PU-2022-5561-1-Fixed
MySQLc10f18.0.29-alt18.0.37-alt1ALT-PU-2022-2171-1302902Fixed
MySQLc9f28.0.30-alt1.0.c9.18.0.36-alt0.c9.1ALT-PU-2023-1912-1321845Fixed
MySQLp118.0.29-alt18.0.37-alt1.1ALT-PU-2022-2156-1299826Fixed
nodesisyphus13.6.0-alt220.13.1-alt1ALT-PU-2020-1090-1244511Fixed
nodep1014.19.1-alt116.19.1-alt1ALT-PU-2022-1799-1298947Fixed
nodec10f114.19.1-alt116.19.1-alt1ALT-PU-2022-1799-1298947Fixed
nodec9f216.17.1-alt0.c9.116.19.1-alt0.c9.1ALT-PU-2022-3073-1303505Fixed
nodep1113.6.0-alt220.13.1-alt1ALT-PU-2020-1090-1244511Fixed

References to Advisories, Solutions, and Tools

Vulnerability Status
Подтверждена производителем
Presence of an exploit
Данные уточняются
Fix status
Уязвимость устранена
Software Type
Операционная система, Прикладное ПО информационных систем, Сетевое программное средство
Solution
Использование рекомендаций:
Для Node.js:
http://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/

Для Ред ОС:
https://redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-programmnoy-platformy-node-js-cve-2021-44531-cve-2021-44532-cve-2021-44533-cve-2022-21824/

Для продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2021-44531

Для Fedora:
https://bodhi.fedoraproject.org/updates/FEDORA-2022-0eda327cb4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-78090d2099
https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2022-1a016f9102
https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2022-b5d5c5a7b8
https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2022-f399a3794d
https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2022-2a44c4f680
https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2022-9ae44d7e4c
https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2022-a627320247

Для Debian:
https://security-tracker.debian.org/tracker/CVE-2021-44531
Sources
https://redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-programmnoy-platformy-node-js-cve-2021-44531-cve-2021-44532-cve-2021-44533-cve-2022-21824/
https://bugzilla.redhat.com/show_bug.cgi?id=2040839
https://access.redhat.com/security/cve/cve-2021-44531
http://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
https://vulners.com/ubuntucve/UB:CVE-2021-44531
https://bodhi.fedoraproject.org/updates/FEDORA-2022-0eda327cb4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-78090d2099
https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2022-1a016f9102
https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2022-b5d5c5a7b8
https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2022-f399a3794d
https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2022-2a44c4f680
https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2022-9ae44d7e4c
https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2022-a627320247
https://github.com/nodejs/node/commit/50439b446f1e6bfc91f03d4b070edb5357b16b8b
https://security-tracker.debian.org/tracker/CVE-2021-44531
Other system identifiers
CVE-2021-44531
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top