{ "document": { "aggregate_severity": { "text": "Medium" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_alt_nodejs/el10/vex/2023/cve-2023-46809-els_alt_nodejs-el10.json" } ], "tracking": { "current_release_date": "2026-03-03T21:07:43Z", "generator": { "date": "2026-03-03T21:07:43Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2023-46809-ELS_ALT_NODEJS-EL10", "initial_release_date": "2023-01-01T00:00:00Z", "revision_history": [ { "date": "2023-01-01T00:00:00Z", "number": "1", "summary": "Initial version" }, { "date": "2026-02-10T17:33:30Z", "number": "2", "summary": "Official Publication" }, { "date": "2026-02-11T07:20:31Z", "number": "3", "summary": "Update document" }, { "date": "2026-02-11T10:21:36Z", "number": "4", "summary": "Update document" }, { "date": "2026-02-11T12:00:23Z", "number": "5", "summary": "Update document" }, { "date": "2026-03-03T21:07:43Z", "number": "6", "summary": "Update document" } ], "status": "final", "version": "6" }, "title": "Security update on CVE-2023-46809" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Community Enterprise Operating System 9", "product": { "name": "Community Enterprise Operating System 9", "product_id": "CentOS-10", "product_identification_helper": { "cpe": "cpe:2.3:o:centos:centos:10:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Community Enterprise Operating System" } ], "category": "vendor", "name": "Cloud Linux Software, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "alt-nodejs16-nodejs-docs-0:16.20.2-10.el10.noarch", "product": { "name": "alt-nodejs16-nodejs-docs-0:16.20.2-10.el10.noarch", "product_id": "alt-nodejs16-nodejs-docs-0:16.20.2-10.el10.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs16-nodejs-docs@16.20.2-10.el10?arch=noarch&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs14-nodejs-docs-0:14.21.3-16.el10.noarch", "product": { "name": "alt-nodejs14-nodejs-docs-0:14.21.3-16.el10.noarch", "product_id": "alt-nodejs14-nodejs-docs-0:14.21.3-16.el10.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs14-nodejs-docs@14.21.3-16.el10?arch=noarch&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs18-nodejs-docs-0:18.20.8-5.el10.noarch", "product": { "name": "alt-nodejs18-nodejs-docs-0:18.20.8-5.el10.noarch", "product_id": "alt-nodejs18-nodejs-docs-0:18.20.8-5.el10.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs18-nodejs-docs@18.20.8-5.el10?arch=noarch&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs18-nodejs-docs-0:18.20.8-4.el10.noarch", "product": { "name": "alt-nodejs18-nodejs-docs-0:18.20.8-4.el10.noarch", "product_id": "alt-nodejs18-nodejs-docs-0:18.20.8-4.el10.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs18-nodejs-docs@18.20.8-4.el10?arch=noarch&os_name=centos&os_version=9" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "alt-nodejs16-npm-0:8.19.4-16.20.2.10.el10.x86_64", "product": { "name": "alt-nodejs16-npm-0:8.19.4-16.20.2.10.el10.x86_64", "product_id": "alt-nodejs16-npm-0:8.19.4-16.20.2.10.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs16-npm@8.19.4-16.20.2.10.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs16-nodejs-devel-0:16.20.2-10.el10.x86_64", "product": { "name": "alt-nodejs16-nodejs-devel-0:16.20.2-10.el10.x86_64", "product_id": "alt-nodejs16-nodejs-devel-0:16.20.2-10.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs16-nodejs-devel@16.20.2-10.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs16-nodejs-0:16.20.2-10.el10.x86_64", "product": { "name": "alt-nodejs16-nodejs-0:16.20.2-10.el10.x86_64", "product_id": "alt-nodejs16-nodejs-0:16.20.2-10.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs16-nodejs@16.20.2-10.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs14-nodejs-devel-0:14.21.3-16.el10.x86_64", "product": { "name": "alt-nodejs14-nodejs-devel-0:14.21.3-16.el10.x86_64", "product_id": "alt-nodejs14-nodejs-devel-0:14.21.3-16.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs14-nodejs-devel@14.21.3-16.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs14-npm-1:6.14.18-14.21.3.16.el10.x86_64", "product": { "name": "alt-nodejs14-npm-1:6.14.18-14.21.3.16.el10.x86_64", "product_id": "alt-nodejs14-npm-1:6.14.18-14.21.3.16.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs14-npm@6.14.18-14.21.3.16.el10?arch=x86_64&epoch=1&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs14-nodejs-0:14.21.3-16.el10.x86_64", "product": { "name": "alt-nodejs14-nodejs-0:14.21.3-16.el10.x86_64", "product_id": "alt-nodejs14-nodejs-0:14.21.3-16.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs14-nodejs@14.21.3-16.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs18-npm-0:10.8.2-18.20.8.5.el10.x86_64", "product": { "name": "alt-nodejs18-npm-0:10.8.2-18.20.8.5.el10.x86_64", "product_id": "alt-nodejs18-npm-0:10.8.2-18.20.8.5.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs18-npm@10.8.2-18.20.8.5.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs18-npm-0:10.8.2-18.20.8.4.el10.x86_64", "product": { "name": "alt-nodejs18-npm-0:10.8.2-18.20.8.4.el10.x86_64", "product_id": "alt-nodejs18-npm-0:10.8.2-18.20.8.4.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs18-npm@10.8.2-18.20.8.4.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs18-nodejs-devel-0:18.20.8-5.el10.x86_64", "product": { "name": "alt-nodejs18-nodejs-devel-0:18.20.8-5.el10.x86_64", "product_id": "alt-nodejs18-nodejs-devel-0:18.20.8-5.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs18-nodejs-devel@18.20.8-5.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs18-nodejs-devel-0:18.20.8-4.el10.x86_64", "product": { "name": "alt-nodejs18-nodejs-devel-0:18.20.8-4.el10.x86_64", "product_id": "alt-nodejs18-nodejs-devel-0:18.20.8-4.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs18-nodejs-devel@18.20.8-4.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs18-nodejs-0:18.20.8-5.el10.x86_64", "product": { "name": "alt-nodejs18-nodejs-0:18.20.8-5.el10.x86_64", "product_id": "alt-nodejs18-nodejs-0:18.20.8-5.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs18-nodejs@18.20.8-5.el10?arch=x86_64&os_name=centos&os_version=9" } } }, { "category": "product_version", "name": "alt-nodejs18-nodejs-0:18.20.8-4.el10.x86_64", "product": { "name": "alt-nodejs18-nodejs-0:18.20.8-4.el10.x86_64", "product_id": "alt-nodejs18-nodejs-0:18.20.8-4.el10.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-nodejs18-nodejs@18.20.8-4.el10?arch=x86_64&os_name=centos&os_version=9" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs16-nodejs-docs-0:16.20.2-10.el10.noarch as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs16-nodejs-docs-0:16.20.2-10.el10.noarch" }, "product_reference": "alt-nodejs16-nodejs-docs-0:16.20.2-10.el10.noarch", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs16-npm-0:8.19.4-16.20.2.10.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs16-npm-0:8.19.4-16.20.2.10.el10.x86_64" }, "product_reference": "alt-nodejs16-npm-0:8.19.4-16.20.2.10.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs16-nodejs-devel-0:16.20.2-10.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs16-nodejs-devel-0:16.20.2-10.el10.x86_64" }, "product_reference": "alt-nodejs16-nodejs-devel-0:16.20.2-10.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs16-nodejs-0:16.20.2-10.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs16-nodejs-0:16.20.2-10.el10.x86_64" }, "product_reference": "alt-nodejs16-nodejs-0:16.20.2-10.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs14-nodejs-devel-0:14.21.3-16.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs14-nodejs-devel-0:14.21.3-16.el10.x86_64" }, "product_reference": "alt-nodejs14-nodejs-devel-0:14.21.3-16.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs14-npm-1:6.14.18-14.21.3.16.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs14-npm-1:6.14.18-14.21.3.16.el10.x86_64" }, "product_reference": "alt-nodejs14-npm-1:6.14.18-14.21.3.16.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs14-nodejs-docs-0:14.21.3-16.el10.noarch as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs14-nodejs-docs-0:14.21.3-16.el10.noarch" }, "product_reference": "alt-nodejs14-nodejs-docs-0:14.21.3-16.el10.noarch", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs14-nodejs-0:14.21.3-16.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs14-nodejs-0:14.21.3-16.el10.x86_64" }, "product_reference": "alt-nodejs14-nodejs-0:14.21.3-16.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs18-npm-0:10.8.2-18.20.8.5.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs18-npm-0:10.8.2-18.20.8.5.el10.x86_64" }, "product_reference": "alt-nodejs18-npm-0:10.8.2-18.20.8.5.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs18-npm-0:10.8.2-18.20.8.4.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs18-npm-0:10.8.2-18.20.8.4.el10.x86_64" }, "product_reference": "alt-nodejs18-npm-0:10.8.2-18.20.8.4.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs18-nodejs-docs-0:18.20.8-5.el10.noarch as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs18-nodejs-docs-0:18.20.8-5.el10.noarch" }, "product_reference": "alt-nodejs18-nodejs-docs-0:18.20.8-5.el10.noarch", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs18-nodejs-docs-0:18.20.8-4.el10.noarch as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs18-nodejs-docs-0:18.20.8-4.el10.noarch" }, "product_reference": "alt-nodejs18-nodejs-docs-0:18.20.8-4.el10.noarch", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs18-nodejs-devel-0:18.20.8-5.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs18-nodejs-devel-0:18.20.8-5.el10.x86_64" }, "product_reference": "alt-nodejs18-nodejs-devel-0:18.20.8-5.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs18-nodejs-devel-0:18.20.8-4.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs18-nodejs-devel-0:18.20.8-4.el10.x86_64" }, "product_reference": "alt-nodejs18-nodejs-devel-0:18.20.8-4.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs18-nodejs-0:18.20.8-5.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs18-nodejs-0:18.20.8-5.el10.x86_64" }, "product_reference": "alt-nodejs18-nodejs-0:18.20.8-5.el10.x86_64", "relates_to_product_reference": "CentOS-10" }, { "category": "default_component_of", "full_product_name": { "name": "alt-nodejs18-nodejs-0:18.20.8-4.el10.x86_64 as a component of Community Enterprise Operating System 9", "product_id": "CentOS-10:alt-nodejs18-nodejs-0:18.20.8-4.el10.x86_64" }, "product_reference": "alt-nodejs18-nodejs-0:18.20.8-4.el10.x86_64", "relates_to_product_reference": "CentOS-10" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-46809", "notes": [ { "category": "description", "text": "Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "other", "text": "TuxCare has assessed that this vulnerability does not impact any currently supported TuxCare products. This evaluation may change as new information becomes available. For additional details regarding this vulnerability and affected products, refer to the provided references.", "title": "Statement" } ], "product_status": { "fixed": [ "CentOS-10:alt-nodejs14-nodejs-0:14.21.3-16.el10.x86_64", "CentOS-10:alt-nodejs14-nodejs-devel-0:14.21.3-16.el10.x86_64", "CentOS-10:alt-nodejs14-nodejs-docs-0:14.21.3-16.el10.noarch", "CentOS-10:alt-nodejs14-npm-1:6.14.18-14.21.3.16.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-0:16.20.2-10.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-devel-0:16.20.2-10.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-docs-0:16.20.2-10.el10.noarch", "CentOS-10:alt-nodejs16-npm-0:8.19.4-16.20.2.10.el10.x86_64" ], "known_not_affected": [ "CentOS-10:alt-nodejs18-nodejs-0:18.20.8-4.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-0:18.20.8-5.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-devel-0:18.20.8-4.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-devel-0:18.20.8-5.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-docs-0:18.20.8-4.el10.noarch", "CentOS-10:alt-nodejs18-nodejs-docs-0:18.20.8-5.el10.noarch", "CentOS-10:alt-nodejs18-npm-0:10.8.2-18.20.8.4.el10.x86_64", "CentOS-10:alt-nodejs18-npm-0:10.8.2-18.20.8.5.el10.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-alt-nodejs/cve/CVE-2023-46809" } ], "release_date": "2024-02-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-10T17:31:37.683205Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-nodejs/releases/CLSA-2026:1770744695", "product_ids": [ "CentOS-10:alt-nodejs16-nodejs-0:16.20.2-10.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-devel-0:16.20.2-10.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-docs-0:16.20.2-10.el10.noarch", "CentOS-10:alt-nodejs16-npm-0:8.19.4-16.20.2.10.el10.x86_64" ], "url": "https://cve.tuxcare.com/els-alt-nodejs/releases/CLSA-2026:1770744695" }, { "category": "vendor_fix", "date": "2026-02-10T17:31:37.683205Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-nodejs/releases/CLSA-2026:1770744695", "product_ids": [ "CentOS-10:alt-nodejs16-nodejs-0:16.20.2-10.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-devel-0:16.20.2-10.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-docs-0:16.20.2-10.el10.noarch", "CentOS-10:alt-nodejs16-npm-0:8.19.4-16.20.2.10.el10.x86_64" ], "url": "https://cve.tuxcare.com/els-alt-nodejs/releases/CLSA-2026:1770744695" }, { "category": "vendor_fix", "date": "2026-02-11T10:18:44.919392Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-nodejs/releases/CLSA-2026:1770805122", "product_ids": [ "CentOS-10:alt-nodejs14-nodejs-0:14.21.3-16.el10.x86_64", "CentOS-10:alt-nodejs14-nodejs-devel-0:14.21.3-16.el10.x86_64", "CentOS-10:alt-nodejs14-nodejs-docs-0:14.21.3-16.el10.noarch", "CentOS-10:alt-nodejs14-npm-1:6.14.18-14.21.3.16.el10.x86_64" ], "url": "https://cve.tuxcare.com/els-alt-nodejs/releases/CLSA-2026:1770805122" }, { "category": "vendor_fix", "date": "2026-02-11T10:18:44.919392Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-alt-nodejs/releases/CLSA-2026:1770805122", "product_ids": [ "CentOS-10:alt-nodejs14-nodejs-0:14.21.3-16.el10.x86_64", "CentOS-10:alt-nodejs14-nodejs-devel-0:14.21.3-16.el10.x86_64", "CentOS-10:alt-nodejs14-nodejs-docs-0:14.21.3-16.el10.noarch", "CentOS-10:alt-nodejs14-npm-1:6.14.18-14.21.3.16.el10.x86_64" ], "url": "https://cve.tuxcare.com/els-alt-nodejs/releases/CLSA-2026:1770805122" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CentOS-10:alt-nodejs14-nodejs-0:14.21.3-16.el10.x86_64", "CentOS-10:alt-nodejs14-nodejs-devel-0:14.21.3-16.el10.x86_64", "CentOS-10:alt-nodejs14-nodejs-docs-0:14.21.3-16.el10.noarch", "CentOS-10:alt-nodejs14-npm-1:6.14.18-14.21.3.16.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-0:16.20.2-10.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-devel-0:16.20.2-10.el10.x86_64", "CentOS-10:alt-nodejs16-nodejs-docs-0:16.20.2-10.el10.noarch", "CentOS-10:alt-nodejs16-npm-0:8.19.4-16.20.2.10.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-0:18.20.8-4.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-0:18.20.8-5.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-devel-0:18.20.8-4.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-devel-0:18.20.8-5.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-docs-0:18.20.8-4.el10.noarch", "CentOS-10:alt-nodejs18-nodejs-docs-0:18.20.8-5.el10.noarch", "CentOS-10:alt-nodejs18-npm-0:10.8.2-18.20.8.4.el10.x86_64", "CentOS-10:alt-nodejs18-npm-0:10.8.2-18.20.8.5.el10.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" }, { "category": "impact", "details": "Not vulnerable: The installed Node.js v18.20.8-3 is newer than the patched v18.19.1 release in which RSA_PKCS1_PADDING was disabled by default for crypto.privateDecrypt (or only allowed when OpenSSL supports implicit rejection), removing the PKCS#1 v1.5 timing oracle used by the Marvin Attack. As PKCS#1 v1.5 private-key decryption is blocked in these builds, the required vulnerable code path is not reachable even when OpenSSL is dynamically linked.", "product_ids": [ "CentOS-10:alt-nodejs18-nodejs-0:18.20.8-4.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-0:18.20.8-5.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-devel-0:18.20.8-4.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-devel-0:18.20.8-5.el10.x86_64", "CentOS-10:alt-nodejs18-nodejs-docs-0:18.20.8-4.el10.noarch", "CentOS-10:alt-nodejs18-nodejs-docs-0:18.20.8-5.el10.noarch", "CentOS-10:alt-nodejs18-npm-0:10.8.2-18.20.8.4.el10.x86_64", "CentOS-10:alt-nodejs18-npm-0:10.8.2-18.20.8.5.el10.x86_64" ] } ] } ] }