AVG-1611 log

Package nodejs-lts-dubnium
Status Not affected
Severity Low
Type incorrect calculation
Affected 10.23.2-1
Fixed Not affected
Current Removed
Ticket None
Created Tue Feb 23 19:35:36 2021
Issue Severity Remote Type Description
CVE-2021-23840 Low Yes Incorrect calculation
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to...
References
https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/
Notes
nodejs is built with the --shared-openssl configuration option to use the system OpenSSL library.