AVG-1610 log

Package nodejs-lts-erbium
Status Not affected
Severity Low
Type incorrect calculation
Affected 12.20.1-1
Fixed Not affected
Current 12.22.7-1 [community]
Ticket None
Created Tue Feb 23 19:35:16 2021
Issue Severity Remote Type Description
CVE-2021-23840 Low Yes Incorrect calculation
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to...
References
https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/
Notes
nodejs is built with the --shared-openssl configuration option to use the system OpenSSL library.