DEBIAN-CVE-2023-23919

DEBIAN-CVE-2023-23919 PUBLISHED CVSS 7.5 HIGH

A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:14	nodejs	0, 0, 0
Debian:12	nodejs	18.19.0+dfsg-5, 18.19.0+dfsg-2, 18.19.0+dfsg-3
Debian:13	nodejs	0, 0, 0

Timeline

Feb 23, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2023-23919 advisory

Open in Interactive Console →