Bug 1201328 – VUL-0: CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses

Bug 1201328 - (CVE-2022-32212) VUL-0: CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses

(CVE-2022-32212)
Summary:	VUL-0: CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addr...

Status:	NEW

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Adam Majer
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/336535/
Whiteboard:	CVSSv3.1:SUSE:CVE-2022-32212:7.5:(AV:...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2022-07-08 10:27 UTC by Carlos López
Modified:	2023-01-31 14:06 UTC (History)
CC List:	0 users

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Carlos López 2022-07-08 10:27:12 UTC

CVE-2022-32212

The IsAllowedHost check can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided (for instance 10.0.2.555 is provided), browsers (such as Firefox) will make DNS requests to the DNS server, providing a vector for an attacker-controlled DNS server or a MITM who can spoof DNS responses to perform a rebinding attack and hence connect to the WebSocket debugger, allowing for arbitrary code execution. This is a bypass of CVE-2021-22884.

More details will be available at CVE-2022-32212 after publication.

Thank you to Axel Chong for reporting this vulnerability.

Impacts:

All versions of the 18.x, 16.x, and 14.x releases lines.

https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/

Comment 1 Carlos López 2022-07-11 07:28:19 UTC

This affects nodejs6 and newer.

Upstream commit:
https://github.com/nodejs/node/commit/1aa5036c31ac2a9b2a2528af454675ad412f1464

Comment 4 Swamp Workflow Management 2022-07-15 19:17:11 UTC

SUSE-SU-2022:2415-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1192489,1201325,1201326,1201327,1201328
CVE References: CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Web Scripting 12 (src):    nodejs16-16.16.0-8.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 5 Swamp Workflow Management 2022-07-15 19:18:01 UTC

SUSE-SU-2022:2416-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1201325,1201326,1201327,1201328
CVE References: CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Web Scripting 12 (src):    nodejs14-14.20.0-6.31.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 6 Swamp Workflow Management 2022-07-15 19:22:56 UTC

SUSE-SU-2022:2417-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1201099,1201325,1201326,1201327,1201328
CVE References: CVE-2022-2097,CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Web Scripting 12 (src):    nodejs12-12.22.12-1.51.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 7 Swamp Workflow Management 2022-07-18 10:24:18 UTC

SUSE-SU-2022:2425-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1201325,1201326,1201327,1201328
CVE References: CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    nodejs14-14.20.0-150200.15.34.1
openSUSE Leap 15.3 (src):    nodejs14-14.20.0-150200.15.34.1
SUSE Manager Server 4.1 (src):    nodejs14-14.20.0-150200.15.34.1
SUSE Manager Retail Branch Server 4.1 (src):    nodejs14-14.20.0-150200.15.34.1
SUSE Manager Proxy 4.1 (src):    nodejs14-14.20.0-150200.15.34.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    nodejs14-14.20.0-150200.15.34.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    nodejs14-14.20.0-150200.15.34.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    nodejs14-14.20.0-150200.15.34.1
SUSE Linux Enterprise Module for Web Scripting 15-SP3 (src):    nodejs14-14.20.0-150200.15.34.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    nodejs14-14.20.0-150200.15.34.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    nodejs14-14.20.0-150200.15.34.1
SUSE Enterprise Storage 7 (src):    nodejs14-14.20.0-150200.15.34.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 8 Swamp Workflow Management 2022-07-18 19:16:59 UTC

SUSE-SU-2022:2430-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1201325,1201326,1201327,1201328
CVE References: CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    nodejs12-12.22.12-150200.4.35.1
openSUSE Leap 15.3 (src):    nodejs12-12.22.12-150200.4.35.1
SUSE Manager Server 4.1 (src):    nodejs12-12.22.12-150200.4.35.1
SUSE Manager Retail Branch Server 4.1 (src):    nodejs12-12.22.12-150200.4.35.1
SUSE Manager Proxy 4.1 (src):    nodejs12-12.22.12-150200.4.35.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    nodejs12-12.22.12-150200.4.35.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    nodejs12-12.22.12-150200.4.35.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    nodejs12-12.22.12-150200.4.35.1
SUSE Linux Enterprise Module for Web Scripting 15-SP3 (src):    nodejs12-12.22.12-150200.4.35.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    nodejs12-12.22.12-150200.4.35.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    nodejs12-12.22.12-150200.4.35.1
SUSE Enterprise Storage 7 (src):    nodejs12-12.22.12-150200.4.35.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 9 Swamp Workflow Management 2022-07-21 16:20:38 UTC

SUSE-SU-2022:2491-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1201325,1201326,1201327,1201328
CVE References: CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    nodejs16-16.16.0-150400.3.3.2
SUSE Linux Enterprise Module for Web Scripting 15-SP4 (src):    nodejs16-16.16.0-150400.3.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 10 Swamp Workflow Management 2022-07-26 16:25:17 UTC

SUSE-SU-2022:2551-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1192489,1201325,1201326,1201327,1201328
CVE References: CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    nodejs16-16.16.0-150300.7.6.2
SUSE Linux Enterprise Module for Web Scripting 15-SP3 (src):    nodejs16-16.16.0-150300.7.6.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 12 Swamp Workflow Management 2022-08-19 19:22:31 UTC

SUSE-SU-2022:2855-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1188917,1189368,1191601,1191602,1201325,1201326,1201327,1201328
CVE References: CVE-2021-22930,CVE-2021-22940,CVE-2021-22959,CVE-2021-22960,CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    nodejs10-10.24.1-150000.1.47.1
openSUSE Leap 15.3 (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Manager Server 4.1 (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Manager Retail Branch Server 4.1 (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Manager Proxy 4.1 (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise Server for SAP 15 (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise Server 15-LTSS (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Enterprise Storage 7 (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Enterprise Storage 6 (src):    nodejs10-10.24.1-150000.1.47.1
SUSE CaaS Platform 4.0 (src):    nodejs10-10.24.1-150000.1.47.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.