Search for vulnerabilities
Vulnerability details: VCID-849h-j5yz-aaan
Vulnerability ID VCID-849h-j5yz-aaan
Aliases CVE-2023-46809
Summary Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.
Status Published
Exploitability 0.5
Weighted Severity 5.3
Risk 2.6
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-385 Covert Timing Channel
CWE-208 Observable Timing Discrepancy
System Score Found at
cvssv3 5.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46809.json
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00157 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00317 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00317 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00317 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00317 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00317 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00345 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00361 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00447 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00447 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.0046 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00467 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00467 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00467 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00467 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.0048 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.0048 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00518 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00518 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00606 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00606 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00606 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00606 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00606 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00606 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.0078 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.0078 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.0078 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.0078 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.0078 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.0078 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.0078 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.0078 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
epss 0.00852 https://api.first.org/data/v1/epss?cve=CVE-2023-46809
cvssv3.1 6.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46809.json
https://api.first.org/data/v1/epss?cve=CVE-2023-46809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46809
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://nodejs.org/en/blog/vulnerability/february-2024-security-releases
1064055 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064055
2264569 https://bugzilla.redhat.com/show_bug.cgi?id=2264569
CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809
GLSA-202505-11 https://security.gentoo.org/glsa/202505-11
RHSA-2024:1503 https://access.redhat.com/errata/RHSA-2024:1503
RHSA-2024:1510 https://access.redhat.com/errata/RHSA-2024:1510
RHSA-2024:1687 https://access.redhat.com/errata/RHSA-2024:1687
RHSA-2024:1688 https://access.redhat.com/errata/RHSA-2024:1688
RHSA-2024:1880 https://access.redhat.com/errata/RHSA-2024:1880
RHSA-2024:1932 https://access.redhat.com/errata/RHSA-2024:1932
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46809.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.09902
EPSS Score 0.00043
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-02-16T00:15:36.845489+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 34.0.0rc2