Headline
CVE-2017-15896: Data Confidentiality/Integrity Vulnerability, December 2017 | Node.js
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption.
Updates are now available for all active Node.js release lines. These include the fix for the vulnerability identified in the initial announcement.
In addition the updates for 8.X and 9.X include a fix for a low severity buffer vulnerability as describe below.
We recommend that all users upgrade as soon as possible.
- Node.js 9 (Current)
- Node.js 8 (LTS “Carbon”)
- Node.js 6 (LTS “Boron”)
- Node.js 4 (LTS “Argon”)
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption.
The original HTTP module was not affected.
The vulnerability in the HTTP2 module (which only existing in the 8.X and 9.X lines) was fixed through nodejs/[email protected]. HTTP2 was previously exploitable through the submission of malicious data by an attacker.
The vulnerability in the TLS module was fixed by incorporating OpenSSL-1.0.2n into Node.js. We are not currently aware of any exploits but it was previously at a severe security risk of accepting unauthenticated data. See this advisory from OpenSSL for more details on the fixes in OpenSSL-1.0.2n secadv-20171207.txt.
The HTTPS module was not affected.
This vulnerability has been assigned CVE-2017-15896.
We would like to thank Matt Caswell (OpenSSL) and David Benjamin (Google) for reporting this.
Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, ‘Buffer.alloc(0x100, "This is not correctly encoded", “hex”);’ The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.
Versions 4.X and 6.X were not vulnerable.
The severity of this information disclosure vulnerability was low (due to the combination of coding errors that need to have been made in order to make it exploitable) and it has been assigned CVE-2017-15897.
Note that CVE 2017-3738 of OpenSSL-1.0.2 affected Node but it was low severity as described in secadv-20171207.txt.
Original post is included below
The Node.js project will be releasing new versions of 4.x, 6.x, 8.x and 9.x as soon as possible after the OpenSSL release, on or soon after December 8th UTC, to incorporate a security fix.
All versions of 4.x, 6.x, 8.x and 9.x are vulnerable to an issue to be fixed in the forthcoming OpenSSL-1.0.2n released on Dec 7, see https://mta.openssl.org/pipermail/openssl-announce/2017-December/000108.html for more details. The severity of this vulnerability of Node.js is HIGH (due to the way Node.js uses the OpenSSL APIs) and users of the affected versions should plan to upgrade when a fix is made available.
- Versions 4.0 and later of Node.js are vulnerable
- Versions 6.0 and later of Node.js are vulnerable
- Versions 8.0 and later of Node.js are vulnerable
- Versions 9.0 and later of Node.js are vulnerable
Releases will be available as soon as possible after the OpenSSL release, along with disclosure of the details for the vulnerability in order to allow for complete impact assessment by users.
The current Node.js security policy can be found at https://github.com/nodejs/node/blob/HEAD/SECURITY.md#security.
Please contact [email protected] if you wish to report a vulnerability in Node.js.
Subscribe to the low-volume announcement-only nodejs-sec mailing list at https://groups.google.com/forum/#!forum/nodejs-sec to stay up to date on security vulnerabilities and security-related releases of Node.js and the projects maintained in the nodejs GitHub organization.
Related news
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020.
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/A...
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the l...