Bug 1800367 (CVE-2019-15604) - CVE-2019-15604 nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string
Summary: CVE-2019-15604 nodejs: Remotely trigger an assertion on a TLS server with a m...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-15604
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1800386 1800388 1800390 1800392 1800394 1800396 1800398 1800400 1800402 1800404
Blocks: 1800362
Reported: 2020-02-07 00:29 UTC by Jason Shepherd
Modified: 2021-02-16 20:38 UTC (History)

Fixed In Version: nodejs 10.19.0, nodejs 12.15.0, nodejs 13.8.0
Doc Type: If docs needed, set a value
Doc Text:
An encoding error flaw exists in the Node.js code used to read a peer certificate during TLS client authentication. An attacker can use this flaw to crash the process that handles TLS client authentication.
Clone Of:
Environment:
Last Closed: 2020-02-24 15:49:58 UTC
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:0611 0 None None None 2020-02-26 11:52:45 UTC
Red Hat Product Errata RHBA-2020:0612 0 None None None 2020-02-26 12:02:17 UTC
Red Hat Product Errata RHBA-2020:0618 0 None None None 2020-02-26 15:00:46 UTC
Red Hat Product Errata RHBA-2020:0626 0 None None None 2020-02-27 08:31:20 UTC
Red Hat Product Errata RHBA-2020:0636 0 None None None 2020-02-27 15:53:27 UTC
Red Hat Product Errata RHBA-2020:0646 0 None None None 2020-03-02 08:04:16 UTC
Red Hat Product Errata RHBA-2020:0647 0 None None None 2020-03-02 08:01:56 UTC
Red Hat Product Errata RHBA-2020:0648 0 None None None 2020-03-02 08:08:20 UTC
Red Hat Product Errata RHBA-2020:0650 0 None None None 2020-03-02 10:20:42 UTC
Red Hat Product Errata RHSA-2020:0573 0 None None None 2020-02-24 12:54:15 UTC
Red Hat Product Errata RHSA-2020:0579 0 None None None 2020-02-25 08:36:33 UTC
Red Hat Product Errata RHSA-2020:0597 0 None None None 2020-02-25 13:04:42 UTC
Red Hat Product Errata RHSA-2020:0598 0 None None None 2020-02-25 13:39:27 UTC
Red Hat Product Errata RHSA-2020:0602 0 None None None 2020-02-25 15:53:26 UTC

Description Jason Shepherd 2020-02-07 00:29:34 UTC
Connecting to a NodeJS TLS server with a client certificate that has a type 19 string in its subjectAltName will crash the TLS server if it tries to read the peer certificate.

Comment 3 Tomas Hoger 2020-02-13 20:27:07 UTC
External References:

https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/

Comment 4 Tomas Hoger 2020-02-13 20:28:29 UTC
Upstream commit:
https://github.com/nodejs/node/commit/1156a9e5f8

HackerOne report:
https://hackerone.com/reports/746733

Comment 6 errata-xmlrpc 2020-02-24 12:54:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0573 https://access.redhat.com/errata/RHSA-2020:0573

Comment 7 Product Security DevOps Team 2020-02-24 15:49:58 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-15604

Comment 8 errata-xmlrpc 2020-02-25 08:36:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0579 https://access.redhat.com/errata/RHSA-2020:0579

Comment 9 errata-xmlrpc 2020-02-25 13:04:40 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS

Via RHSA-2020:0597 https://access.redhat.com/errata/RHSA-2020:0597

Comment 10 errata-xmlrpc 2020-02-25 13:39:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0598 https://access.redhat.com/errata/RHSA-2020:0598

Comment 11 errata-xmlrpc 2020-02-25 15:53:24 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS

Via RHSA-2020:0602 https://access.redhat.com/errata/RHSA-2020:0602

