Vulnetix
Try Vulnetix Request Demo
ALPINE-CVE-2017-15896 PUBLISHED CVSS 9.100000381469727 CRITICAL

Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption.

Risk Scores

CVSS v3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersions
Alpine:v3.22nodejs0, 0, 0
Alpine:v3.10nodejs6.11.1-r2, 6.9.1-r0, 8.9.1-r0
Alpine:v3.17nodejs6.10.1-r0, 8.9.2-r0, 8.9.1-r0
Alpine:v3.12nodejs6.10.3-r0, 0, 4.4.3-r0
Alpine:v3.14nodejs6.11.5-r0, 6.9.4-r0, 0
Alpine:v3.11nodejs4.4.4-r0, 4.5.0-r0, 6.10.0-r0
Alpine:v3.23nodejs0, 0, 0
Alpine:v3.16nodejs4.4.4-r0, 0, 4.4.3-r0
Alpine:v3.7nodejs0, 6.11.5-r0, 6.9.1-r0
Alpine:v3.19nodejs4.4.5-r0, 8.9.1-r0, 8.9.0-r0
Alpine:v3.18nodejs4.4.7-r0, 6.10.3-r0, 0
Alpine:v3.20nodejs6.9.2-r0, 6.9.4-r1, 8.9.0-r0
Alpine:v3.9nodejs8.9.2-r0, 8.9.1-r0, 8.9.0-r0
Alpine:v3.15nodejs6.11.1-r2, 8.9.1-r0, 8.9.0-r0
Alpine:v3.21nodejs0, 0, 0
Alpine:v3.13nodejs4.5.0-r0, 6.10.0-r0, 6.10.1-r0
Alpine:v3.8nodejs6.9.4-r0, 0, 4.4.4-r0

Timeline

References

Open in Interactive Console →