2244414 – (CVE-2023-39332) CVE-2023-39332 nodejs: path traversal through path stored in Uint8Array

Bug 2244414 (CVE-2023-39332) - CVE-2023-39332 nodejs: path traversal through path stored in Uint8Array

Summary: CVE-2023-39332 nodejs: path traversal through path stored in Uint8Array

Keywords:
Status:	NEW
Alias:	CVE-2023-39332
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2244452 2244453 2244454 2244455 2244456 2244460 2244461 2258564 2258565 2244457 2244458 2244459 2244462 2244493
Blocks:	2244419
TreeView+	depends on / blocked

Reported:	2023-10-16 12:31 UTC by Dhananjay Arunesh
Modified:	2024-03-06 15:49 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings (see CVE-2023-30584) and Buffer objects (see CVE-2023-32004), but not through non-Buffer Uint8Array objects.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2023:7205	0	None	None	None	2023-11-14 16:55:19 UTC

Description Dhananjay Arunesh 2023-10-16 12:31:39 UTC

Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings (see CVE-2023-30584) and Buffer objects (see CVE-2023-32004), but not through non-Buffer Uint8Array objects.

References:
https://nodejs.org/en/blog/vulnerability/october-2023-security-releases

Comment 1 Dhananjay Arunesh 2023-10-16 14:26:13 UTC

Created nodejs tracking bugs for this issue:

Affects: epel-7 [bug 2244452]
Affects: fedora-37 [bug 2244459]


Created nodejs16 tracking bugs for this issue:

Affects: fedora-38 [bug 2244454]


Created nodejs18 tracking bugs for this issue:

Affects: fedora-38 [bug 2244456]


Created nodejs20 tracking bugs for this issue:

Affects: fedora-38 [bug 2244453]


Created nodejs:13/nodejs tracking bugs for this issue:

Affects: epel-8 [bug 2244461]


Created nodejs:14/nodejs tracking bugs for this issue:

Affects: fedora-37 [bug 2244458]


Created nodejs:16-epel/nodejs tracking bugs for this issue:

Affects: epel-8 [bug 2244460]


Created nodejs:16/nodejs tracking bugs for this issue:

Affects: fedora-38 [bug 2244455]


Created nodejs:18/nodejs tracking bugs for this issue:

Affects: fedora-37 [bug 2244457]

Comment 7 errata-xmlrpc 2023-11-14 16:55:18 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7205 https://access.redhat.com/errata/RHSA-2023:7205

Comment 8 Dhananjay Arunesh 2024-01-16 10:00:21 UTC

Created nodejs tracking bugs for this issue:

Affects: epel-7 [bug 2258564]


Created nodejs20 tracking bugs for this issue:

Affects: fedora-38 [bug 2258565]

Note You need to log in before you can comment on or make changes to this bug.