what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2023-30589

Status Candidate

Overview

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20

Related Files

Ubuntu Security Notice USN-6735-1
Posted Apr 16, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6735-1 - It was discovered that Node.js incorrectly handled the use of invalid public keys while creating an x509 certificate. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. It was discovered that Node.js incorrectly handled the use of CRLF sequences to delimit HTTP requests. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain unauthorised access. This issue only affected Ubuntu 23.10.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2023-30588, CVE-2023-30589, CVE-2023-30590
SHA-256 | 68173f83f0f09f1ae43ac3a78cd02b33b6ccf09520b2e1d1d103a308c74bddd3
Debian Security Advisory 5589-1
Posted Dec 28, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5589-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of policy feature checks, denial of service or loading of incorrect ICU data.

tags | advisory, web, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-30581, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-32002, CVE-2023-32006, CVE-2023-32559, CVE-2023-38552, CVE-2023-39333
SHA-256 | 99cc458c7d37e5ed3bbb9cd1ecafd2849b5c2bd6325b06e8297be7edef82db88
Red Hat Security Advisory 2023-5533-01
Posted Oct 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5533-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. Issues addressed include HTTP request smuggling, buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.

tags | advisory, web, denial of service, overflow, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2022-25881, CVE-2022-4904, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-30581, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-32002, CVE-2023-32006, CVE-2023-32559
SHA-256 | a1de4803284127ae04070476723bb3381abb23fa8706dae7ab1c90bb1713980b
Red Hat Security Advisory 2023-5361-01
Posted Sep 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5361-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, bypass, and denial of service vulnerabilities.

tags | advisory, web, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2022-25883, CVE-2023-30581, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-32002, CVE-2023-32006, CVE-2023-32559
SHA-256 | d17f1315e979971a3621829636966df0e1f09cfbdf28fa99e162ce75d2223793
Red Hat Security Advisory 2023-4536-01
Posted Aug 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4536-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. Issues addressed include HTTP request smuggling and bypass vulnerabilities.

tags | advisory, web, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2023-30581, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590
SHA-256 | 2f06bbbf8bfb035c3cc29869030ff9c394d94f4a61e802e88783692206313bf6
Red Hat Security Advisory 2023-4537-01
Posted Aug 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4537-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. Issues addressed include HTTP request smuggling and bypass vulnerabilities.

tags | advisory, web, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2023-30581, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590
SHA-256 | 26418c8a5be7babeeb199c8a8e789c7d53171594bcc88de2f5638715da3afb4b
Red Hat Security Advisory 2023-4330-01
Posted Jul 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4330-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.

tags | advisory, web, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2023-30581, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590
SHA-256 | e350366281586d2cef04c6d228a4b1688a999c2161b5a64f4df03fc2dc126fb6
Red Hat Security Advisory 2023-4331-01
Posted Jul 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4331-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.

tags | advisory, web, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2023-30581, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590
SHA-256 | f16ee90126b9893b5e5bba06fb24bfec93e3b2b99379a10616a486da89a60aed
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close