VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-fwx8-w1gn-aaan

Essentials
Severities (100)
References (15)
Severity details (14)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-fwx8-w1gn-aaan
Aliases	CVE-2023-23919
Summary	A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-310

Cryptographic Issues

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23919.json
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00302	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00391	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00599	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00614	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00614	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00614	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00614	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00614	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00614	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00614	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00614	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00614	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00614	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00614	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00614	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00614	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00614	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00614	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00614	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00614	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00614	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00614	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00614	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00773	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00773	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.00773	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.04192	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.04192	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.04192	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.04192	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.04192	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.04192	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.04192	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.04192	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.04192	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.04192	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.04192	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.04192	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
epss	0.7047	https://api.first.org/data/v1/epss?cve=CVE-2023-23919
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.5	https://hackerone.com/reports/1808596
cvssv3.1	7.5	https://hackerone.com/reports/1808596
ssvc	Track	https://hackerone.com/reports/1808596
ssvc	Track	https://hackerone.com/reports/1808596
cvssv3.1	7.5	https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
cvssv3.1	7.5	https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
ssvc	Track	https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
ssvc	Track	https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-23919
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-23919
cvssv3.1	7.5	https://security.netapp.com/advisory/ntap-20230316-0008/
ssvc	Track	https://security.netapp.com/advisory/ntap-20230316-0008/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23919.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-23919
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://hackerone.com/reports/1808596
		https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
		https://security.netapp.com/advisory/ntap-20230316-0008/
1031834		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834
2172170		https://bugzilla.redhat.com/show_bug.cgi?id=2172170
cpe:2.3:a:nodejs:node.js:::::-:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::-:::*
cpe:2.3:a:nodejs:node.js:::::lts:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:::::lts:::*
CVE-2023-23919		https://nvd.nist.gov/vuln/detail/CVE-2023-23919
RHSA-2023:1582		https://access.redhat.com/errata/RHSA-2023:1582
RHSA-2023:1583		https://access.redhat.com/errata/RHSA-2023:1583
RHSA-2023:2654		https://access.redhat.com/errata/RHSA-2023:2654
USN-6672-1		https://usn.ubuntu.com/6672-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23919.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://hackerone.com/reports/1808596

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://hackerone.com/reports/1808596

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:26:46Z/ Found at https://hackerone.com/reports/1808596

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:26:46Z/ Found at https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-23919

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-23919

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20230316-0008/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:26:46Z/ Found at https://security.netapp.com/advisory/ntap-20230316-0008/

Exploit Prediction Scoring System (EPSS)

Percentile	0.33964
EPSS Score	0.00076
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.