Bugzilla – Bug 1194513
VUL-0: CVE-2021-44533: nodejs10,nodejs12,nodejs14,nodejs16,nodejs: Incorrect handling of certificate subject and issuer fields
Last modified: 2023-07-06 12:33:28 UTC
Incorrect handling of certificate subject and issuer fields (Medium) (CVE-2021-44533)

Node.js did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.

Affected versions of Node.js do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.

More details will be available at CVE-2021-44533 after publication. This vulnerability was reported by Google.

Impacts: All versions of the 17.x, 16.x, 14.x, and 12.x release lines.

https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
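The ambiguity described in the advisory text above, as an added example that is not Node.js code and not part of the original report. The name model, the text format and all function names are assumptions made for illustration: two structurally different names render to the same string when values are not escaped, so a consumer should read the common name from the parsed attributes or from an escaped rendering.

```javascript
// Constructed model: a name is a list of RDNs; each RDN is a list of
// [type, value] attributes. More than one attribute = multi-value RDN.
const multiValued = [[['O', 'Example']], [['OU', 'dev'], ['CN', 'api.example.test']]];
const singleValued = [[['O', 'Example']], [['OU', 'dev + CN=api.example.test']]];

// Ambiguous text form (illustrative format): values are emitted verbatim,
// so " + " inside a value looks exactly like the attribute separator.
function renderAmbiguous(name) {
  return name.map((rdn) => rdn.map(([t, v]) => `${t}=${v}`).join(' + ')).join('\n');
}

// Escape the characters RFC 4514 treats as special (plus newline, which is
// the RDN separator in this text form) so separators come only from structure.
function escapeValue(v) {
  return v.replace(/[\\"+,;<>\n]|^[ #]| $/g, (c) => (c === '\n' ? '\\0A' : '\\' + c));
}

function renderEscaped(name) {
  return name.map((rdn) => rdn.map(([t, v]) => `${t}=${escapeValue(v)}`).join('+')).join('\n');
}

// What a downstream consumer of the ambiguous text might do: split on the
// separators and collect anything that starts with "CN=".
function commonNamesFromText(text) {
  return text
    .split('\n')
    .flatMap((line) => line.split(' + '))
    .filter((part) => part.startsWith('CN='))
    .map((part) => part.slice(3));
}

// Structure-based check: take CN only from attributes whose type is CN.
function commonNamesFromStructure(name) {
  return name.flat().filter(([t]) => t === 'CN').map(([, v]) => v);
}

// Both names produce the same ambiguous text, so the text-based reader
// reports a CN for the single-valued name that has no CN attribute at all.
console.log(renderAmbiguous(multiValued) === renderAmbiguous(singleValued));
console.log(commonNamesFromText(renderAmbiguous(singleValued)));
console.log(commonNamesFromStructure(singleValued));
console.log(renderEscaped(singleValued));
```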
This is an autogenerated message for OBS integration: This bug (1194513) was mentioned in https://build.opensuse.org/request/show/945772 Factory / nodejs16
SUSE-SU-2022:0101-1: An update that fixes 11 vulnerabilities is now available. Category: security (important) Bug References: 1190053,1190054,1190055,1190056,1190057,1191601,1191602,1194511,1194512,1194513,1194514 CVE References: CVE-2021-22959,CVE-2021-22960,CVE-2021-37701,CVE-2021-37712,CVE-2021-37713,CVE-2021-39134,CVE-2021-39135,CVE-2021-44531,CVE-2021-44532,CVE-2021-44533,CVE-2022-21824 JIRA References: Sources used: SUSE Linux Enterprise Module for Web Scripting 12 (src): nodejs12-12.22.9-1.38.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0114-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1194511,1194512,1194513,1194514 CVE References: CVE-2021-44531,CVE-2021-44532,CVE-2021-44533,CVE-2022-21824 JIRA References: Sources used: SUSE Linux Enterprise Module for Web Scripting 12 (src): nodejs14-14.18.3-6.21.1
SUSE-SU-2022:0113-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1194511,1194512,1194513,1194514 CVE References: CVE-2021-44531,CVE-2021-44532,CVE-2021-44533,CVE-2022-21824 JIRA References: Sources used: SUSE Linux Enterprise Module for Web Scripting 15-SP3 (src): nodejs12-12.22.9-4.25.1
openSUSE-SU-2022:0112-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1194511,1194512,1194513,1194514 CVE References: CVE-2021-44531,CVE-2021-44532,CVE-2021-44533,CVE-2022-21824 JIRA References: Sources used: openSUSE Leap 15.3 (src): nodejs14-14.18.3-15.24.1
openSUSE-SU-2022:0113-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1194511,1194512,1194513,1194514 CVE References: CVE-2021-44531,CVE-2021-44532,CVE-2021-44533,CVE-2022-21824 JIRA References: Sources used: openSUSE Leap 15.3 (src): nodejs12-12.22.9-4.25.1
SUSE-SU-2022:0112-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1194511,1194512,1194513,1194514 CVE References: CVE-2021-44531,CVE-2021-44532,CVE-2021-44533,CVE-2022-21824 JIRA References: Sources used: SUSE Linux Enterprise Module for Web Scripting 15-SP3 (src): nodejs14-14.18.3-15.24.1
openSUSE-SU-2022:0112-1: An update that fixes 35 vulnerabilities is now available. Category: security (important) Bug References: 1194511,1194512,1194513,1194514,1197680,1198053,1198361 CVE References: CVE-2021-44531,CVE-2021-44532,CVE-2021-44533,CVE-2022-1125,CVE-2022-1127,CVE-2022-1128,CVE-2022-1129,CVE-2022-1130,CVE-2022-1131,CVE-2022-1132,CVE-2022-1133,CVE-2022-1134,CVE-2022-1135,CVE-2022-1136,CVE-2022-1137,CVE-2022-1138,CVE-2022-1139,CVE-2022-1141,CVE-2022-1142,CVE-2022-1143,CVE-2022-1144,CVE-2022-1145,CVE-2022-1146,CVE-2022-1232,CVE-2022-1305,CVE-2022-1306,CVE-2022-1307,CVE-2022-1308,CVE-2022-1309,CVE-2022-1310,CVE-2022-1311,CVE-2022-1312,CVE-2022-1313,CVE-2022-1314,CVE-2022-21824 JIRA References: Sources used: openSUSE Leap 15.3 (src): nodejs14-14.18.3-15.24.1 openSUSE Backports SLE-15-SP3 (src): chromium-100.0.4896.88-bp153.2.82.1
openSUSE-SU-2022:0113-1: An update that fixes 5 vulnerabilities is now available. Category: security (moderate) Bug References: 1194511,1194512,1194513,1194514,1198204 CVE References: CVE-2021-44531,CVE-2021-44532,CVE-2021-44533,CVE-2022-21824,CVE-2022-24191 JIRA References: Sources used: openSUSE Leap 15.3 (src): nodejs12-12.22.9-4.25.1 openSUSE Backports SLE-15-SP3 (src): htmldoc-1.9.12-bp153.2.9.1