QwikSec

Security Database

CVE

CWE

Training

CVE-2023-23919

Published: Feb 23, 2023

Modified: Apr 30, 2025

PUBLISHED

Description

A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.

Vendor	Product	Versions
NodeJS	Node	affected `4.0 - < 4.` affected `5.0 - < 5.` affected `6.0 - < 6.` affected `7.0 - < 7.` affected `8.0 - < 8.*` +11 more versions

Weaknesses (CWE)

References

https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/

https://hackerone.com/reports/1808596

https://security.netapp.com/advisory/ntap-20230316-0008/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.