AVG-1611 log
Package | nodejs-lts-dubnium |
Status | Not affected |
Severity | Low |
Type | incorrect calculation |
Affected | 10.23.2-1 |
Fixed | Not affected |
Current | Removed |
Ticket | None |
Created | Tue Feb 23 19:35:36 2021 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2021-23840 | Low | Yes | Incorrect calculation | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to... |
References |
---|
https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/ |
Notes |
---|
nodejs is built with the --shared-openssl configuration option to use the system OpenSSL library. |