In some cases Node.js did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.
Created nodejs tracking bugs for this issue: Affects: epel-all [bug 2172173] Affects: fedora-all [bug 2172174] Created nodejs:16/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2172171] Created nodejs:18/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2172172]
Created nodejs:16-epel/nodejs tracking bugs for this issue: Affects: epel-all [bug 2172176]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1582 https://access.redhat.com/errata/RHSA-2023:1582
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2654 https://access.redhat.com/errata/RHSA-2023:2654
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-23919