{"api_version":"1","generated_at":"2026-04-23T02:46:49+00:00","cve":"CVE-2023-23919","urls":{"html":"https://cve.report/CVE-2023-23919","api":"https://cve.report/api/cve/CVE-2023-23919.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-23919","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-23919"},"summary":{"title":"CVE-2023-23919","description":"A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.","state":"PUBLIC","assigner":"support@hackerone.com","published_at":"2023-02-23 20:15:00","updated_at":"2023-03-16 16:15:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://hackerone.com/reports/1808596","name":"https://hackerone.com/reports/1808596","refsource":"MISC","tags":[],"title":"HackerOne","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20230316-0008/","name":"https://security.netapp.com/advisory/ntap-20230316-0008/","refsource":"CONFIRM","tags":[],"title":"Februray 2023 Node.js Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/","name":"https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/","refsource":"MISC","tags":[],"title":"Thursday February 16 2023 Security Releases | Node.js","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-23919","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23919","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"23919","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"nodejs","cpe5":"node.js","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"23919","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"nodejs","cpe5":"node.js","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"23919","vulnerable":"1","versionEndIncluding":"14.14.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"nodejs","cpe5":"node.js","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"23919","vulnerable":"1","versionEndIncluding":"16.12.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"nodejs","cpe5":"node.js","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"23919","vulnerable":"1","versionEndIncluding":"18.11.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"nodejs","cpe5":"node.js","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-23919","qid":"160535","title":"Oracle Enterprise Linux Security Update for nodejs:16 (ELSA-2023-1582)"},{"cve":"CVE-2023-23919","qid":"160639","title":"Oracle Enterprise Linux Security Update for nodejs:18 (ELSA-2023-2654)"},{"cve":"CVE-2023-23919","qid":"200161","title":"Ubuntu Security Notification for Node.js Vulnerabilities (USN-6672-1)"},{"cve":"CVE-2023-23919","qid":"241332","title":"Red Hat Update for nodejs:16 security (RHSA-2023:1582)"},{"cve":"CVE-2023-23919","qid":"241457","title":"Red Hat Update for nodejs:18 security (RHSA-2023:2654)"},{"cve":"CVE-2023-23919","qid":"284203","title":"Fedora Security Update for nodejs16 (FEDORA-2023-973319d5b7)"},{"cve":"CVE-2023-23919","qid":"355455","title":"Amazon Linux Security Advisory for nodejs : ALAS2023-2023-226"},{"cve":"CVE-2023-23919","qid":"502670","title":"Alpine Linux Security Update for nodejs"},{"cve":"CVE-2023-23919","qid":"502748","title":"Alpine Linux Security Update for nodejs"},{"cve":"CVE-2023-23919","qid":"6000404","title":"Debian Security Update for nodejs (DSA 5589-1)"},{"cve":"CVE-2023-23919","qid":"753756","title":"SUSE Enterprise Linux Security Update for nodejs16 (SUSE-SU-2023:0673-1)"},{"cve":"CVE-2023-23919","qid":"905618","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for nodejs (13684)"},{"cve":"CVE-2023-23919","qid":"905673","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for nodejs (13756)"},{"cve":"CVE-2023-23919","qid":"906662","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for nodejs (13684-3)"},{"cve":"CVE-2023-23919","qid":"907154","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for nodejs (13756-1)"},{"cve":"CVE-2023-23919","qid":"940976","title":"AlmaLinux Security Update for nodejs:16 (ALSA-2023:1582)"},{"cve":"CVE-2023-23919","qid":"941014","title":"AlmaLinux Security Update for nodejs:18 (ALSA-2023:2654)"},{"cve":"CVE-2023-23919","qid":"960902","title":"Rocky Linux Security Update for nodejs:16 (RLSA-2023:1582)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2023-23919","ASSIGNER":"support@hackerone.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"https://github.com/nodejs/node","version":{"version_data":[{"version_value":"Fixed in 19.2.0, 18.14.1, 16.19.1, 14.21.3"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Cryptographic Issues - Generic (CWE-310)"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/","url":"https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/"},{"refsource":"MISC","name":"https://hackerone.com/reports/1808596","url":"https://hackerone.com/reports/1808596"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20230316-0008/","url":"https://security.netapp.com/advisory/ntap-20230316-0008/"}]},"description":{"description_data":[{"lang":"eng","value":"A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service."}]}},"nvd":{"publishedDate":"2023-02-23 20:15:00","lastModifiedDate":"2023-03-16 16:15:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","versionStartIncluding":"14.0.0","versionEndIncluding":"14.14.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","versionStartIncluding":"16.0.0","versionEndIncluding":"16.12.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","versionStartIncluding":"18.0.0","versionEndIncluding":"18.11.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","versionStartIncluding":"18.0.0","versionEndExcluding":"18.14.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","versionStartIncluding":"16.0.0","versionEndExcluding":"16.19.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","versionStartIncluding":"14.0.0","versionEndExcluding":"14.21.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","versionStartIncluding":"19.0.0","versionEndExcluding":"19.2.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}