vulnerability
Ubuntu: (CVE-2023-46809): nodejs vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:N) | Sep 7, 2024 | Jun 26, 2025 | Aug 18, 2025 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:N)
Published
Sep 7, 2024
Added
Jun 26, 2025
Modified
Aug 18, 2025
Description
Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.
Solution
no-fix-ubuntu-package
References
- CVE-2023-46809
- https://attackerkb.com/topics/CVE-2023-46809
- CWE-385
- URL-https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#nodejs-is-vulnerable-to-the-marvin-attack-timing-variant-of-the-bleichenbacher-attack-against-pkcs1-v15-padding-cve-2023-46809---medium
- URL-https://www.cve.org/CVERecord?id=CVE-2023-46809
- URL-https://www.openwall.com/lists/oss-security/2024/03/11/1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.