AVG-1605 log

Package nodejs
Status Not affected
Severity Low
Type incorrect calculation
Affected 15.9.0-1
Fixed Not affected
Current 17.0.1-1 [community-testing]
16.11.1-1 [community]
Ticket None
Created Tue Feb 23 19:32:41 2021
Issue Severity Remote Type Description
CVE-2021-23840 Low Yes Incorrect calculation
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to...
References
https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/
Notes
nodejs is built with the --shared-openssl configuration option to use the system OpenSSL library.