ID

VAR-202210-0037


CVE

CVE-2022-35255


TITLE

Node.js Foundation  of  Node.js  Cryptographic vulnerabilities in products from multiple other vendors  PRNG  Vulnerability regarding the use of

Trust: 0.8

sources: JVNDB: JVNDB-2022-022576

DESCRIPTION

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material. Node.js Foundation of Node.js Products from multiple other vendors have weak encryption. PRNG There is a vulnerability in the use of.Information may be obtained and information may be tampered with. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: nodejs:16 security update Advisory ID: RHSA-2022:6964-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6964 Issue date: 2022-10-17 CVE Names: CVE-2022-35255 CVE-2022-35256 ==================================================================== 1. Summary: An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16. Security Fix(es): * nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255) * nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2130517 - CVE-2022-35255 nodejs: weak randomness in WebCrypto keygen 2130518 - CVE-2022-35256 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm aarch64: nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.aarch64.rpm noarch: nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm ppc64le: nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.ppc64le.rpm s390x: nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.s390x.rpm x86_64: nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-35255 https://access.redhat.com/security/cve/CVE-2022-35256 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY01tM9zjgjWX9erEAQgRRw/8DdK1QObq3so9+4ybaPFjCpdytAyNFy2E vrWNb7xRSO8myrQJ3cspxWMgRgfjMeJYPL8MT7iolW0SMWPd3uNMIh6ej3nK6zo+ BqHGgPBB2+knIF9ApMxW+2OpQAl4j0ICOeyLinqUXsyzDqPUOdW5kgNIPog668tc VsxB2Lt7pAJcpNkmwx6gvU5aZ6rWOUeNKyjAnat5AJPUx+NbtOtFWymivlPKCNWg bcGktfXz22tAixuEih9pC+YrPbJ++AHg5lZbK35uHBeGe7i9OdhbH8lbGrV5+0Vo 3DOlVTvuofjPZr0Ft50ChMsgsc/3pmBTXZOEfLrNHIMlJ2sHsP/3ZQ4hUmYYI3xs BF6HmgS4d3rEybSyXjqkQHKvSEi8KxBcs0y8RrvZeEUOfwTPwdaWKIhlzzn3lGYm a4iPlYzfCTfV4h2YdLvNE0hcOeaChiPVWvVxb9aV9XUW2ibWyHPSlJpBoP1UjMW4 8T0tYn6hUUWhWWT4cra5ipEjCmU9YfhdFsjoqKS/KFNA7kD94NSqWcbPs+3XnKbT l2IjXb8aBpn2Yykq1u4t12VEJCnKeTEUt43/LAlXW1mkNV3OQ2bPl2qwdEPTQxDP WBoK9aPtqD6W3VyuNza3VItmZKYw7nHtZL40YpvbdA6XtmlHZF6bFEiLdSwNduaV jippDtM0Pgw=vFcS -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5326-1 security@debian.org https://www.debian.org/security/ Aron Xu January 24, 2023 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nodejs CVE ID : CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVE-2022-35255 CVE-2022-35256 CVE-2022-43548 Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup. For the stable distribution (bullseye), these problems have been fixed in version 12.22.12~dfsg-1~deb11u3. We recommend that you upgrade your nodejs packages. For the detailed security status of nodejs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nodejs Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmPQNhIACgkQEMKTtsN8 TjaRmA/+KDFkQcd2sE/eAAx9cVikICNkfu7uIVKHpeDH9o5oq5M2nj4zHJCeAArp WblguyZwEtqzAOO2WesbrmwfXLmglhrNZwRMOrsbu63JxSnecp7qcMwR8A4JWdmd Txb4aZr6Prmwq6fT0G3K6oV8Hw+OeqYA/RZKenxtkBf/jdzVahGJHJ/NrFKKWVQW xbqHwCkP7uUlm+5UR5XzNrodTRCQYHJvUmDUrjEOjM6x+sqYirKWiERN0A14kVn9 0Ufrw6+Z2tKhdKFZfU1BtDthhlH/nybz0h3aHsk+E5/vx20WAURiCEDVi7nf8+Rf EtbCxaqV+/xVoPmXStHY/ogCo8CgRVsyYUIemgi4q5LwVx/Oqjm2CJ/xCwOKh0E2 idXLJfLSpxxBe598MUn9iKbnFFCN9DQZXf7BYs3djtn8ALFVBSHZSF1QXFoFQ86w Y9xGhBQzfEgCoEW7H4S30ZQ+Gz+ZnOMCSH+MKIMtSpqbc7wLtrKf839DO6Uux7B7 u0WR3lZlsihi92QKq9X/VRkyy8ZiA2TYy3IE+KDKlXDHKls9FR9BUClYe9L8RiRu boP8KPFUHUsSVaTzkufMStdKkcXCqgj/6KhJL6E9ZunTBpTmqx1Ty7/N2qktLFnH ujrffzV3rCE6eIg7ps8OdZbjCfqUqmQk9/pV6ZDjymqjZ1LKZDs\xfeRn -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202405-29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Node.js: Multiple Vulnerabilities Date: May 08, 2024 Bugs: #772422, #781704, #800986, #805053, #807775, #811273, #817938, #831037, #835615, #857111, #865627, #872692, #879617, #918086, #918614 ID: 202405-29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Node.js. Background ========= Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Affected packages ================ Package Vulnerable Unaffected --------------- ------------ ------------ net-libs/nodejs < 16.20.2 >= 16.20.2 Description ========== Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Node.js 20 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/nodejs-20.5.1" All Node.js 18 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/nodejs-18.17.1" All Node.js 16 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/nodejs-16.20.2" References ========= [ 1 ] CVE-2020-7774 https://nvd.nist.gov/vuln/detail/CVE-2020-7774 [ 2 ] CVE-2021-3672 https://nvd.nist.gov/vuln/detail/CVE-2021-3672 [ 3 ] CVE-2021-22883 https://nvd.nist.gov/vuln/detail/CVE-2021-22883 [ 4 ] CVE-2021-22884 https://nvd.nist.gov/vuln/detail/CVE-2021-22884 [ 5 ] CVE-2021-22918 https://nvd.nist.gov/vuln/detail/CVE-2021-22918 [ 6 ] CVE-2021-22930 https://nvd.nist.gov/vuln/detail/CVE-2021-22930 [ 7 ] CVE-2021-22931 https://nvd.nist.gov/vuln/detail/CVE-2021-22931 [ 8 ] CVE-2021-22939 https://nvd.nist.gov/vuln/detail/CVE-2021-22939 [ 9 ] CVE-2021-22940 https://nvd.nist.gov/vuln/detail/CVE-2021-22940 [ 10 ] CVE-2021-22959 https://nvd.nist.gov/vuln/detail/CVE-2021-22959 [ 11 ] CVE-2021-22960 https://nvd.nist.gov/vuln/detail/CVE-2021-22960 [ 12 ] CVE-2021-37701 https://nvd.nist.gov/vuln/detail/CVE-2021-37701 [ 13 ] CVE-2021-37712 https://nvd.nist.gov/vuln/detail/CVE-2021-37712 [ 14 ] CVE-2021-39134 https://nvd.nist.gov/vuln/detail/CVE-2021-39134 [ 15 ] CVE-2021-39135 https://nvd.nist.gov/vuln/detail/CVE-2021-39135 [ 16 ] CVE-2021-44531 https://nvd.nist.gov/vuln/detail/CVE-2021-44531 [ 17 ] CVE-2021-44532 https://nvd.nist.gov/vuln/detail/CVE-2021-44532 [ 18 ] CVE-2021-44533 https://nvd.nist.gov/vuln/detail/CVE-2021-44533 [ 19 ] CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778 [ 20 ] CVE-2022-3602 https://nvd.nist.gov/vuln/detail/CVE-2022-3602 [ 21 ] CVE-2022-3786 https://nvd.nist.gov/vuln/detail/CVE-2022-3786 [ 22 ] CVE-2022-21824 https://nvd.nist.gov/vuln/detail/CVE-2022-21824 [ 23 ] CVE-2022-32212 https://nvd.nist.gov/vuln/detail/CVE-2022-32212 [ 24 ] CVE-2022-32213 https://nvd.nist.gov/vuln/detail/CVE-2022-32213 [ 25 ] CVE-2022-32214 https://nvd.nist.gov/vuln/detail/CVE-2022-32214 [ 26 ] CVE-2022-32215 https://nvd.nist.gov/vuln/detail/CVE-2022-32215 [ 27 ] CVE-2022-32222 https://nvd.nist.gov/vuln/detail/CVE-2022-32222 [ 28 ] CVE-2022-35255 https://nvd.nist.gov/vuln/detail/CVE-2022-35255 [ 29 ] CVE-2022-35256 https://nvd.nist.gov/vuln/detail/CVE-2022-35256 [ 30 ] CVE-2022-35948 https://nvd.nist.gov/vuln/detail/CVE-2022-35948 [ 31 ] CVE-2022-35949 https://nvd.nist.gov/vuln/detail/CVE-2022-35949 [ 32 ] CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 [ 33 ] CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 [ 34 ] CVE-2023-30582 https://nvd.nist.gov/vuln/detail/CVE-2023-30582 [ 35 ] CVE-2023-30583 https://nvd.nist.gov/vuln/detail/CVE-2023-30583 [ 36 ] CVE-2023-30584 https://nvd.nist.gov/vuln/detail/CVE-2023-30584 [ 37 ] CVE-2023-30586 https://nvd.nist.gov/vuln/detail/CVE-2023-30586 [ 38 ] CVE-2023-30587 https://nvd.nist.gov/vuln/detail/CVE-2023-30587 [ 39 ] CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 [ 40 ] CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 [ 41 ] CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 [ 42 ] CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 [ 43 ] CVE-2023-32003 https://nvd.nist.gov/vuln/detail/CVE-2023-32003 [ 44 ] CVE-2023-32004 https://nvd.nist.gov/vuln/detail/CVE-2023-32004 [ 45 ] CVE-2023-32005 https://nvd.nist.gov/vuln/detail/CVE-2023-32005 [ 46 ] CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 [ 47 ] CVE-2023-32558 https://nvd.nist.gov/vuln/detail/CVE-2023-32558 [ 48 ] CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202405-29 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Trust: 2.16

sources: NVD: CVE-2022-35255 // JVNDB: JVNDB-2022-022576 // VULMON: CVE-2022-35255 // PACKETSTORM: 169408 // PACKETSTORM: 168757 // PACKETSTORM: 169779 // PACKETSTORM: 170727 // PACKETSTORM: 178512

AFFECTED PRODUCTS

vendor:nodejsmodel:node.jsscope:ltversion:16.17.1

Trust: 1.0

vendor:siemensmodel:sinec insscope:eqversion:1.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:18.9.1

Trust: 1.0

vendor:siemensmodel:sinec insscope:ltversion:1.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:16.0.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:18.0.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:15.14.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:16.12.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:15.0.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:16.13.0

Trust: 1.0

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:node jsmodel:node.jsscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:sinec insscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-022576 // NVD: CVE-2022-35255

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-35255
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-35255
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202210-1268
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-35255
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2022-35255
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022576 // CNNVD: CNNVD-202210-1268 // NVD: CVE-2022-35255

PROBLEMTYPE DATA

problemtype:CWE-338

Trust: 1.0

problemtype:Cryptographic weakness PRNG Use of (CWE-338) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-022576 // NVD: CVE-2022-35255

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-1268

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-202210-1268

PATCH

title:Node.js Fixing measures for security feature vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=216854

Trust: 0.6

title:Red Hat: url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-35255

Trust: 0.1

sources: VULMON: CVE-2022-35255 // CNNVD: CNNVD-202210-1268

EXTERNAL IDS

db:NVDid:CVE-2022-35255

Trust: 3.8

db:HACKERONEid:1690000

Trust: 2.4

db:SIEMENSid:SSA-332410

Trust: 2.4

db:ICS CERTid:ICSA-23-017-03

Trust: 0.8

db:JVNid:JVNVU90782730

Trust: 0.8

db:JVNDBid:JVNDB-2022-022576

Trust: 0.8

db:PACKETSTORMid:169408

Trust: 0.7

db:PACKETSTORMid:169779

Trust: 0.7

db:PACKETSTORMid:170727

Trust: 0.7

db:AUSCERTid:ESB-2022.5146

Trust: 0.6

db:CNNVDid:CNNVD-202210-1268

Trust: 0.6

db:VULMONid:CVE-2022-35255

Trust: 0.1

db:PACKETSTORMid:168757

Trust: 0.1

db:PACKETSTORMid:178512

Trust: 0.1

sources: VULMON: CVE-2022-35255 // JVNDB: JVNDB-2022-022576 // PACKETSTORM: 169408 // PACKETSTORM: 168757 // PACKETSTORM: 169779 // PACKETSTORM: 170727 // PACKETSTORM: 178512 // CNNVD: CNNVD-202210-1268 // NVD: CVE-2022-35255

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf

Trust: 2.4

url:https://hackerone.com/reports/1690000

Trust: 2.4

url:https://security.netapp.com/advisory/ntap-20230113-0002/

Trust: 2.4

url:https://www.debian.org/security/2023/dsa-5326

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-35255

Trust: 1.3

url:https://jvn.jp/vu/jvnvu90782730/

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-017-03

Trust: 0.8

url:https://packetstormsecurity.com/files/170727/debian-security-advisory-5326-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/169408/red-hat-security-advisory-2022-6963-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5146

Trust: 0.6

url:https://packetstormsecurity.com/files/169779/red-hat-security-advisory-2022-7821-01.html

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-35255/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-35256

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-35255

Trust: 0.4

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://bugzilla.redhat.com/):

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-35256

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-32214

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32212

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-43548

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32213

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32215

Trust: 0.2

url:https://access.redhat.com/errata/rhsa-2022:6963

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6964

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7821

Trust: 0.1

url:https://security-tracker.debian.org/tracker/nodejs

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22960

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-30587

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-32006

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22931

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22939

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-32558

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-30588

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21824

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3672

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44532

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-35949

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22959

Trust: 0.1

url:https://security.gentoo.org/glsa/202405-29

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22918

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-32004

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-30584

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7774

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-30589

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-32003

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22883

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0778

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22884

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-35948

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44533

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-32002

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-30582

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3602

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3786

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-30590

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-30586

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22940

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-32005

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-32559

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22930

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39135

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39134

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-30581

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-37712

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-30583

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44531

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-37701

Trust: 0.1

sources: VULMON: CVE-2022-35255 // JVNDB: JVNDB-2022-022576 // PACKETSTORM: 169408 // PACKETSTORM: 168757 // PACKETSTORM: 169779 // PACKETSTORM: 170727 // PACKETSTORM: 178512 // CNNVD: CNNVD-202210-1268 // NVD: CVE-2022-35255

CREDITS

Red Hat

Trust: 0.3

sources: PACKETSTORM: 169408 // PACKETSTORM: 168757 // PACKETSTORM: 169779

SOURCES

db:VULMONid:CVE-2022-35255
db:JVNDBid:JVNDB-2022-022576
db:PACKETSTORMid:169408
db:PACKETSTORMid:168757
db:PACKETSTORMid:169779
db:PACKETSTORMid:170727
db:PACKETSTORMid:178512
db:CNNVDid:CNNVD-202210-1268
db:NVDid:CVE-2022-35255

LAST UPDATE DATE

2024-08-14T13:12:40.970000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2022-022576date:2023-11-17T08:21:00
db:CNNVDid:CNNVD-202210-1268date:2023-02-01T00:00:00
db:NVDid:CVE-2022-35255date:2023-03-01T15:03:19.287

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2022-022576date:2023-11-17T00:00:00
db:PACKETSTORMid:169408date:2022-10-18T22:30:35
db:PACKETSTORMid:168757date:2022-10-18T14:27:29
db:PACKETSTORMid:169779date:2022-11-08T13:50:31
db:PACKETSTORMid:170727date:2023-01-25T16:09:12
db:PACKETSTORMid:178512date:2024-05-09T15:46:44
db:CNNVDid:CNNVD-202210-1268date:2022-10-18T00:00:00
db:NVDid:CVE-2022-35255date:2022-12-05T22:15:10.513