The llhttp parser in the http module in Node.js v18.7.0 does not correctly handle header fields that are not terminated with CRLF. This may result in HTTP Request Smuggling. Impacts: All versions of the 18.x, 16.x, and 14.x release lines. llhttp v6.0.10 contains the fixes that were updated inside Node.js.
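As an added illustration (not code from llhttp, Node.js or this bug report), the following strict pre-parse check flags any header line that is not terminated with CRLF, the condition the description above says the parser mishandled. The function name and the sample requests are constructed for this example; such a check could sit in a test harness or a front-end filter ahead of a Node.js backend.

```javascript
'use strict';
// Added example: strict line-terminator check for an HTTP/1.1 header block.
// Every line in the header block must end with CRLF (0x0d 0x0a); a lone CR
// or a lone LF is reported so the request can be rejected before parsing.

function findBadLineEndings(raw) {
  const buf = Buffer.isBuffer(raw) ? raw : Buffer.from(raw, 'latin1');
  const end = buf.indexOf('\r\n\r\n');
  // Without a proper terminator, scan everything received and report that too.
  const head = end === -1 ? buf : buf.subarray(0, end + 4);
  const findings = [];
  if (end === -1) {
    findings.push({ line: null, offset: buf.length, issue: 'no CRLF CRLF terminator' });
  }
  let line = 1;
  for (let i = 0; i < head.length; i++) {
    const c = head[i];
    if (c === 0x0d) {
      if (head[i + 1] === 0x0a) { i++; line++; }           // well-formed CRLF
      else findings.push({ line, offset: i, issue: 'bare CR' });
    } else if (c === 0x0a) {
      findings.push({ line, offset: i, issue: 'bare LF' }); // LF without CR
      line++;
    }
  }
  return findings;
}

// Constructed sample inputs (not captured traffic).
const GOOD = 'GET / HTTP/1.1\r\nHost: example.test\r\nX-Trace: abc\r\n\r\n';
const BARE_LF = 'GET / HTTP/1.1\r\nHost: example.test\r\nX-Trace: abc\nX-Other: 1\r\n\r\n';
const BARE_CR = 'GET / HTTP/1.1\r\nHost: example.test\r\nX-Trace: abc\rX-Other: 1\r\n\r\n';

for (const [name, req] of Object.entries({ GOOD, BARE_LF, BARE_CR })) {
  const f = findBadLineEndings(req);
  console.log(name, f.length === 0 ? 'accept' : 'reject', JSON.stringify(f));
}
```

A request with any finding should be rejected with a 400 rather than normalized, so that the front end and the backend never disagree about where a header ends.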
Created nodejs tracking bugs for this issue:
Affects: epel-all [bug 2130533]
Affects: fedora-all [bug 2130532]

Created nodejs:12/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 2130537]

Created nodejs:13/nodejs tracking bugs for this issue:
Affects: epel-all [bug 2130534]

Created nodejs:14/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 2130538]

Created nodejs:15/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 2130539]

Created nodejs:16-epel/nodejs tracking bugs for this issue:
Affects: epel-all [bug 2130536]

Created nodejs:16/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 2130540]

Created nodejs:18/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 2130541]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:6963 https://access.redhat.com/errata/RHSA-2022:6963
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:6964 https://access.redhat.com/errata/RHSA-2022:6964
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2022:7044 https://access.redhat.com/errata/RHSA-2022:7044
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7821 https://access.redhat.com/errata/RHSA-2022:7821
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7830 https://access.redhat.com/errata/RHSA-2022:7830
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-35256
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:0321 https://access.redhat.com/errata/RHSA-2023:0321