AVG-1609 log

Package nodejs-lts-fermium
Status Not affected
Severity Low
Type incorrect calculation
Affected 14.15.4-1
Fixed Not affected
Current 14.18.1-1 [community]
Ticket None
Created Tue Feb 23 19:34:58 2021
Issue Severity Remote Type Description
CVE-2021-23840 Low Yes Incorrect calculation
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to...
References
https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/
Notes
nodejs is built with the --shared-openssl configuration option to use the system OpenSSL library.