Vulnerability CVE-2021-22940: Information
Description
Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use-after-free attack where an attacker might be able to exploit the memory corruption to change process behavior.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
node | sisyphus | 14.17.5-alt1 | 20.13.1-alt1 | ALT-PU-2021-2497-1 | 282449 | Fixed |
node | p10 | 14.17.5-alt1 | 16.19.1-alt1 | ALT-PU-2021-2550-1 | 282492 | Fixed |
node | c10f1 | 14.17.5-alt1 | 16.19.1-alt1 | ALT-PU-2021-2550-1 | 282492 | Fixed |
node | c9f2 | 16.17.1-alt0.c9.1 | 16.19.1-alt0.c9.1 | ALT-PU-2022-3073-1 | 303505 | Fixed |
node | p11 | 14.17.5-alt1 | 20.13.1-alt1 | ALT-PU-2021-2497-1 | 282449 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://hackerone.com/reports/1238162 | |
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/ | |
https://security.netapp.com/advisory/ntap-20210923-0001/ | |
https://www.oracle.com/security-alerts/cpuoct2021.html | |
https://www.oracle.com/security-alerts/cpujan2022.html | |
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | |
N/A | |
[debian-lts-announce] 20221005 [SECURITY] [DLA 3137-1] nodejs security update | |
GLSA-202401-02 | |