Bug 2105422 (CVE-2022-32212)
Summary: | CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Sage McTaggart <amctagga> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | hhorak, jorton, mrunge, mvanderw, nodejs-maint, nodejs-sig, sgallagh, thrcka, zsvetlik |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | nodejs 14.20.0, nodejs 16.20.0, nodejs 18.5.0 | Doc Type: | If docs needed, set a value |
Doc Text: |
A vulnerability was found in NodeJS, where the IsAllowedHost check can be easily bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided (for instance, 10.0.2.555 is provided), browsers (such as Firefox) will make DNS requests to the DNS server. This issue provides a vector for an attacker-controlled DNS server or a Man-in-the-middle attack (MITM) who can spoof DNS responses to perform a rebinding attack and then connect to the WebSocket debugger allowing for arbitrary code execution on the target system.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2022-11-30 07:28:22 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2108518, 2108519, 2108520, 2108056, 2108057, 2108058, 2108059, 2108060, 2108521, 2108522, 2108523, 2108524, 2108525, 2108526, 2109533, 2109576, 2109577, 2109578, 2121021 | ||
Bug Blocks: | 2105423 |
Description
Sage McTaggart
2022-07-08 18:41:48 UTC
Created nodejs tracking bugs for this issue: Affects: epel-all [bug 2108518] Affects: fedora-all [bug 2108521] Created nodejs:12/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2108522] Created nodejs:13/nodejs tracking bugs for this issue: Affects: epel-all [bug 2108519] Created nodejs:14/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2108523] Created nodejs:15/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2108524] Created nodejs:16-epel/nodejs tracking bugs for this issue: Affects: epel-all [bug 2108520] Created nodejs:16/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2108525] Created nodejs:18/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2108526] Respective commits: v14: https://github.com/nodejs/node/commit/48c5aa5cab v16: https://github.com/nodejs/node/commit/754c9bfde0 v18: https://github.com/nodejs/node/commit/e4af5eba95 This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2022:6389 https://access.redhat.com/errata/RHSA-2022:6389 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:6448 https://access.redhat.com/errata/RHSA-2022:6448 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:6449 https://access.redhat.com/errata/RHSA-2022:6449 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:6595 https://access.redhat.com/errata/RHSA-2022:6595 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:6985 https://access.redhat.com/errata/RHSA-2022:6985 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-32212 |