H1-2269177 — Vulnetix

H1-2269177 PUBLISHED CVSS 6.5 MEDIUM

Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding)

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Exploit Intelligence

Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) (hackerone)
Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) (hackerone)
node_revert.h (github-poc)
GenerationConfig.java (github-poc)
SelfAdaptationGenerationConfig.java (github-poc)

Timeline

Feb 15, 2024 CVE Published
Feb 15, 2024 PoC Published

References

Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›