CVE-2023-30588

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 28, 2023

Updated: Jun 21, 2024

Summary

CVE-2023-30588 is a vulnerability affecting Node.js versions 16, 18, and 20. It allows for Denial of Service (DoS) attacks when an invalid public key is used to generate an x509 certificate through the crypto.X509Certificate() API. Instead of terminating as expected, the process continues and becomes susceptible to interruptions caused by an attacker. These interruptions can force the application to terminate and cause a DoS scenario, resulting in the loss of the current context for users.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Nodejs Node.js

Affected Vendors

Nodejs

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/ruIaNW
https://www.cve.org/CVERecord?id=CVE-2023-30588
https://nvd.nist.gov/vuln/detail/CVE-2023-30588

Back to Vulnerability Database