CVE-2019-15604

CVE	CVE-2019-15604
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-02-07 15:15:00 UTC
Updated	2022-11-16 03:02:00 UTC
Description	Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate

Problem Types: CWE-295

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Application	Nodejs	Node.js	All	All	All	All
Application	Nodejs	Node.js	All	All	All	All
Operating System	Opensuse	Leap	15.1	All	All	All
Application	Oracle	Communications Cloud Native Core Network Function Cloud Native Environment	1.4.0	All	All	All
Application	Oracle	Graalvm	19.3.1	All	All	All
Application	Oracle	Graalvm	20.0.0	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Operating System	Redhat	Enterprise Linux Eus	8.1	All	All	All
Operating System	Redhat	Enterprise Linux Eus	8.2	All	All	All
Operating System	Redhat	Enterprise Linux Eus	8.4	All	All	All
Operating System	Redhat	Enterprise Linux Eus	8.6	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	8.2	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	8.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	8.6	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	8.2	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	8.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	8.6	All	All	All
Application	Redhat	Software Collections	1.0	All	All	All

Reference	Source	Link	Tags
Red Hat Customer Portal	REDHAT	access.redhat.com
Debian -- Security Information -- DSA-4669-1 nodejs	DEBIAN	www.debian.org
[security-announce] openSUSE-SU-2020:0293-1: important: Security update	SUSE	lists.opensuse.org
Node v10.19.0 (LTS) \| Node.js	CONFIRM	nodejs.org	Release Notes, Vendor Advisory
Oracle Critical Patch Update Advisory - July 2021	N/A	www.oracle.com
February 2020 Node.js Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
HackerOne	MISC	hackerone.com	Exploit, Third Party Advisory
Red Hat Customer Portal	REDHAT	access.redhat.com
February 2020 Security Releases \| Node.js	CONFIRM	nodejs.org	Vendor Advisory
Red Hat Customer Portal	REDHAT	access.redhat.com
Node v13.8.0 (Current) \| Node.js	CONFIRM	nodejs.org	Vendor Advisory
Node v12.15.0 (LTS) \| Node.js	CONFIRM	nodejs.org	Release Notes, Vendor Advisory
Node.js: Multiple vulnerabilities (GLSA 202003-48) — Gentoo security	GENTOO	security.gentoo.org
Red Hat Customer Portal	REDHAT	access.redhat.com
Red Hat Customer Portal	REDHAT	access.redhat.com
Oracle Critical Patch Update Advisory - April 2020	N/A	www.oracle.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

199763 Ubuntu Security Notification for Node.js Vulnerabilities (USN-6380-1)
296075 Oracle Solaris 11.4 Support Repository Update (SRU) 21.69.0 Missing (CPUAPR2020)
500435 Alpine Linux Security Update for nodejs
501096 Alpine Linux Security Update for nodejs-current
504198 Alpine Linux Security Update for nodejs
505094 Alpine Linux Security Update for nodejs-current
940003 AlmaLinux Security Update for nodejs:10 (ALSA-2020:0579)
940191 AlmaLinux Security Update for nodejs:12 (ALSA-2020:0598)
960732 Rocky Linux Security Update for nodejs:10 (RLSA-2020:0579)
960870 Rocky Linux Security Update for nodejs:12 (RLSA-2020:0598)