AVG-1605 log
| Package | nodejs |
| Status | Not affected |
| Severity | Low |
| Type | incorrect calculation |
| Affected | 15.9.0-1 |
| Fixed | Not affected |
| Current | 21.7.3-1 [extra] |
| Ticket | None |
| Created | Tue Feb 23 19:32:41 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-23840 | Low | Yes | Incorrect calculation | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to... |
| References |
|---|
https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/ |
| Notes |
|---|
nodejs is built with the --shared-openssl configuration option to use the system OpenSSL library. |