CVE-2021-22940
Description
Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.408
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-22931,CVE-2021-22940,CVE-2021-22930,CVE-2021-22939 are fixed in Node.js 12 (x64) (12.22.5) | Windows |
| Vulnerabilities CVE-2021-22931,CVE-2021-22940,CVE-2021-22930,CVE-2021-22939 are fixed in Node.js 12 (12.22.5) | Windows |
| Vulnerabilities CVE-2021-22931,CVE-2021-22940,CVE-2021-22930,CVE-2021-22939 are fixed in Node.js 14 (x64) (14.17.5) | Windows |
| Vulnerabilities CVE-2021-22931,CVE-2021-22940,CVE-2021-22930,CVE-2021-22939 are fixed in Node.js 14 (14.17.5) | Windows |
| Vulnerabilities CVE-2021-22931,CVE-2021-22940,CVE-2021-22930,CVE-2021-22939 are fixed in Node.js 16 (x64) (16.6.2) | Windows |
| Vulnerabilities CVE-2021-22931,CVE-2021-22940,CVE-2021-22930,CVE-2021-22939 are fixed in Node.js 16 (16.6.2) | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 11.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0 | Windows |
| (RHSA-2021:3623) nodejs:12 security and bug fix update nodejs-12.22.5-1.module+el8.4.0+12242+af52a4c7.x86_64.rpm | Linux |
| (RHSA-2021:3623) nodejs:12 security and bug fix update nodejs-debugsource-12.22.5-1.module+el8.4.0+12242+af52a4c7.x86_64.rpm | Linux |
| (RHSA-2021:3623) nodejs:12 security and bug fix update nodejs-devel-12.22.5-1.module+el8.4.0+12242+af52a4c7.x86_64.rpm | Linux |
| (RHSA-2021:3623) nodejs:12 security and bug fix update nodejs-docs-12.22.5-1.module+el8.4.0+12242+af52a4c7.noarch.rpm | Linux |
| (RHSA-2021:3623) nodejs:12 security and bug fix update nodejs-full-i18n-12.22.5-1.module+el8.4.0+12242+af52a4c7.x86_64.rpm | Linux |
| (RHSA-2021:3623) nodejs:12 security and bug fix update npm-6.14.14-1.12.22.5.1.module+el8.4.0+12242+af52a4c7.x86_64.rpm | Linux |
| Nodejs update (ELSA-2021-3623) nodejs-12.22.5-1.module+el8.4.0+20308+065a70e3.x86_64.rpm | Linux |
| Nodejs-devel update (ELSA-2021-3623) nodejs-devel-12.22.5-1.module+el8.4.0+20308+065a70e3.x86_64.rpm | Linux |
| Nodejs-docs update (ELSA-2021-3623) nodejs-docs-12.22.5-1.module+el8.4.0+20308+065a70e3.noarch.rpm | Linux |
| Nodejs-full-i18n update (ELSA-2021-3623) nodejs-full-i18n-12.22.5-1.module+el8.4.0+20308+065a70e3.x86_64.rpm | Linux |
| Nodejs-nodemon update (ELSA-2021-3623) nodejs-nodemon-2.0.3-1.module+el8.4.0+20281+eb64e322.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2021-3623) nodejs-packaging-17-3.module+el8.1.0+5393+aaf413e3.noarch.rpm | Linux |
| Npm update (ELSA-2021-3623) npm-6.14.14-1.12.22.5.1.module+el8.4.0+20308+065a70e3.x86_64.rpm | Linux |
| (RHSA-2021:3666) nodejs:14 security and bug fix update nodejs-14.17.5-1.module+el8.4.0+12247+e2879e58.x86_64.rpm | Linux |
| (RHSA-2021:3666) nodejs:14 security and bug fix update nodejs-debugsource-14.17.5-1.module+el8.4.0+12247+e2879e58.x86_64.rpm | Linux |
| (RHSA-2021:3666) nodejs:14 security and bug fix update nodejs-devel-14.17.5-1.module+el8.4.0+12247+e2879e58.x86_64.rpm | Linux |
| (RHSA-2021:3666) nodejs:14 security and bug fix update nodejs-docs-14.17.5-1.module+el8.4.0+12247+e2879e58.noarch.rpm | Linux |
| (RHSA-2021:3666) nodejs:14 security and bug fix update nodejs-full-i18n-14.17.5-1.module+el8.4.0+12247+e2879e58.x86_64.rpm | Linux |
| (RHSA-2021:3666) nodejs:14 security and bug fix update npm-6.14.14-1.14.17.5.1.module+el8.4.0+12247+e2879e58.x86_64.rpm | Linux |
| Nodejs update (ELSA-2021-3666) nodejs-14.17.5-1.module+el8.4.0+20313+f90c2973.x86_64.rpm | Linux |
| Nodejs-devel update (ELSA-2021-3666) nodejs-devel-14.17.5-1.module+el8.4.0+20313+f90c2973.x86_64.rpm | Linux |
| Nodejs-docs update (ELSA-2021-3666) nodejs-docs-14.17.5-1.module+el8.4.0+20313+f90c2973.noarch.rpm | Linux |
| Nodejs-full-i18n update (ELSA-2021-3666) nodejs-full-i18n-14.17.5-1.module+el8.4.0+20313+f90c2973.x86_64.rpm | Linux |
| Nodejs-nodemon update (ELSA-2021-3666) nodejs-nodemon-2.0.3-1.module+el8.3.0+7818+6cd30d85.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2021-3666) nodejs-packaging-23-3.module+el8.3.0+7818+6cd30d85.noarch.rpm | Linux |
| Npm update (ELSA-2021-3666) npm-6.14.14-1.14.17.5.1.module+el8.4.0+20313+f90c2973.x86_64.rpm | Linux |
| (RHSA-2021:3623)Important: security and bug fix update nodejs-debuginfo-12.22.5-1.module+el8.4.0+12242+af52a4c7.x86_64.rpm | Linux |
| (RHSA-2021:3623)Important: security and bug fix update nodejs-nodemon-2.0.3-1.module+el8.4.0+11732+c668cc9f.noarch.rpm | Linux |
| (RHSA-2021:3623)Important: security and bug fix update nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.noarch.rpm | Linux |
| Important: nodejs:12 security and bug fix update nodejs-packaging-17-3.module_el8.3.0+2023+d2377ea3.noarch.rpm | Linux |
| Important: nodejs:12 security and bug fix update nodejs-packaging-17-3.module_el8.4.0+2521+c668cc9f.noarch.rpm | Linux |
| Important: nodejs:14 security and bug fix update nodejs-nodemon-2.0.3-1.module_el8.4.0+2521+c668cc9f.noarch.rpm | Linux |
| nodejs:12 security and bug fix update (RLSA-2021:3623) nodejs-nodemon-2.0.3-1.module+el8.6.0+982+9fdca2d4.noarch.rpm | Linux |
| nodejs:14 security and bug fix update (RLSA-2021:3666) nodejs-packaging-23-3.module+el8.7.0+1071+4bdda2a8.noarch.rpm | Linux |
| nodejs:14 security and bug fix update (RLSA-2021:3666) nodejs-nodemon-2.0.3-1.module+el8.6.0+982+9fdca2d4.noarch.rpm | Linux |
| Npm update (ELSA-2025-8514) npm-10.8.2-1.20.19.2.1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux |
| Nodejs-packaging-bundler update (ELSA-2025-8514) nodejs-packaging-bundler-2021.06-4.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2025-8514) nodejs-packaging-2021.06-4.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux |
| Nodejs-nodemon update (ELSA-2025-8514) nodejs-nodemon-3.0.1-1.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux |
| Nodejs-full-i18n update (ELSA-2025-8514) nodejs-full-i18n-20.19.2-1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux |
| Nodejs-docs update (ELSA-2025-8514) nodejs-docs-20.19.2-1.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux |
| Nodejs-devel update (ELSA-2025-8514) nodejs-devel-20.19.2-1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux |
| Nodejs update (ELSA-2025-8514) nodejs-20.19.2-1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-324371 | Node.js 12 (x64) (12.22.12) |
| PATCH-324370 | Node.js 12 (12.22.12) |
| PATCH-329083 | Node.js 14 (x64) (14.21.3) |
| PATCH-329082 | Node.js 14 (14.21.3) |
| PATCH-320970 | Node.js 16 (x64) (16.6.2) |
| PATCH-320971 | Node.js 16 (16.6.2) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234