CVE-2022-32223

CWE-4275 documents5 sources

Severity

7.3HIGH

EPSS

6.1%

top 9.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nodejs Node Nodejs Node.js

Timeline

PublishedJul 14

Latest updateJul 15

Description

Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5nodejs/node4.0 — 4.*+14

▶NVDnodejs/node.js14.14.0 — 14.20.0+4

▶Alpinenodejs< 0+3

Patches

Patch: nodejs.org ↗Patch: nodejs.org ↗

🔴Vulnerability Details

GHSA

GHSA-fxjx-rf8x-pxw8: Node↗2022-07-15

▶

OSV

CVE-2022-32223: Node↗2022-07-14

▶

CVEList

CVE-2022-32223: Node↗2022-07-14

▶

📋Vendor Advisories

Debian

CVE-2022-32223: nodejs - Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain cond...↗2022

▶