CVE-2023-30590

Description

The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys. That is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: "Generates private and public Diffie-Hellman key values." The documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs. Because DiffieHellman may be used as the basis for application-level security, the implications are consequently broad.
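
The behaviour described above can be observed directly on one DiffieHellman object. The Node.js code below is an added example, not code from the Node.js project or from this advisory; the helper names are hypothetical, and reusing the modp14 prime is an assumption made to avoid generating a prime.

```javascript
// Added example (not from the advisory): what generateKeys() actually does.
const { createDiffieHellman, getDiffieHellman } = require('node:crypto');

// Assumption: reuse the 2048-bit MODP group 14 prime (generator 2) so that
// no prime has to be generated; any valid DH prime shows the same behaviour.
const PRIME = getDiffieHellman('modp14').getPrime();

// Hypothetical helper: does a second generateKeys() call on the same object
// replace the private key, as the documentation wording suggested?
function regeneratesOnSecondCall() {
  const dh = createDiffieHellman(PRIME);
  dh.generateKeys();
  const first = dh.getPrivateKey('hex');
  dh.generateKeys(); // keys already present: nothing is regenerated
  return dh.getPrivateKey('hex') !== first;
}

// Hypothetical helper: after setPrivateKey(), generateKeys() keeps the
// supplied private key and only computes the matching public key.
function keepsInjectedPrivateKey() {
  const donor = createDiffieHellman(PRIME);
  donor.generateKeys();
  const dh = createDiffieHellman(PRIME);
  dh.setPrivateKey(donor.getPrivateKey());
  dh.generateKeys();
  return dh.getPrivateKey('hex') === donor.getPrivateKey('hex') &&
         dh.getPublicKey('hex') === donor.getPublicKey('hex');
}

// Pattern that does not depend on generateKeys() semantics: a fresh
// DiffieHellman object for every key pair that must be new.
function freshKeyPair() {
  const dh = createDiffieHellman(PRIME);
  dh.generateKeys();
  return { publicKey: dh.getPublicKey('hex'), privateKey: dh.getPrivateKey('hex') };
}

console.log('second call regenerates private key:', regeneratesOnSecondCall());
console.log('injected private key kept:', keepsInjectedPrivateKey());
console.log('fresh objects differ:',
  freshKeyPair().privateKey !== freshKeyPair().privateKey);
```

Code that calls generateKeys() on a reused object and expects a new private key each time is the pattern to look for when reviewing an application against this CVE.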

Risk Information

Base Score: 7.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Score
Exploitation Probability: 0.954

Associated Vulnerability

Vulnerability | OS Platform
Multiple vulnerabilities are fixed in Node.js 16 (x64) (16.20.1) | Windows
Multiple vulnerabilities are fixed in Node.js 16 (16.20.1) | Windows
Multiple vulnerabilities are fixed in Node.js 18 (x64) (18.16.1) | Windows
Multiple vulnerabilities are fixed in Node.js 18 (18.16.1) | Windows
Multiple vulnerabilities are fixed in Node.js 20.3.1 | Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 20.0.0.2 | Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 19.0.0.3 | Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0.3.1 | Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 22.0.2 | Windows
SUSE-SU-2023:2663-1 (Web and Scripting Module 15-SP4) nodejs16-16.20.1-150400.3.21.1.x86_64.rpm | Linux
SUSE-SU-2023:2663-1 (Web and Scripting Module 15-SP4) nodejs16-debuginfo-16.20.1-150400.3.21.1.x86_64.rpm | Linux
SUSE-SU-2023:2663-1 (Web and Scripting Module 15-SP4) nodejs16-debugsource-16.20.1-150400.3.21.1.x86_64.rpm | Linux
SUSE-SU-2023:2663-1 (Web and Scripting Module 15-SP4) nodejs16-devel-16.20.1-150400.3.21.1.x86_64.rpm | Linux
SUSE-SU-2023:2663-1 (Web and Scripting Module 15-SP4) npm16-16.20.1-150400.3.21.1.x86_64.rpm | Linux
SUSE-SU-2023:2663-1 (Web and Scripting Module 15-SP4) nodejs16-docs-16.20.1-150400.3.21.1.noarch.rpm | Linux
SUSE-SU-2023:2669-1 (Web and Scripting Module 15-SP4) nodejs18-debuginfo-18.16.1-150400.9.9.1.x86_64.rpm | Linux
SUSE-SU-2023:2669-1 (Web and Scripting Module 15-SP4) nodejs18-debugsource-18.16.1-150400.9.9.1.x86_64.rpm | Linux
SUSE-SU-2023:2669-1 (Web and Scripting Module 15-SP5) nodejs18-18.16.1-150400.9.9.1.x86_64.rpm | Linux
SUSE-SU-2023:2669-1 (Web and Scripting Module 15-SP5) nodejs18-debuginfo-18.16.1-150400.9.9.1.x86_64_15_SP5.rpm | Linux
SUSE-SU-2023:2669-1 (Web and Scripting Module 15-SP5) nodejs18-debugsource-18.16.1-150400.9.9.1.x86_64_15_SP5.rpm | Linux
SUSE-SU-2023:2669-1 (Web and Scripting Module 15-SP5) nodejs18-devel-18.16.1-150400.9.9.1.x86_64.rpm | Linux
SUSE-SU-2023:2669-1 (Web and Scripting Module 15-SP5) npm18-18.16.1-150400.9.9.1.x86_64.rpm | Linux
SUSE-SU-2023:2669-1 (Web and Scripting Module 15-SP5) nodejs18-docs-18.16.1-150400.9.9.1.noarch.rpm | Linux
(RHSA-2023:4331) Moderate: security, bug fix, and enhancement update nodejs-16.20.1-1.el9_2.x86_64.rpm | Linux
(RHSA-2023:4331) Moderate: security, bug fix, and enhancement update nodejs-debuginfo-16.20.1-1.el9_2.i686.rpm | Linux
(RHSA-2023:4331) Moderate: security, bug fix, and enhancement update nodejs-debuginfo-16.20.1-1.el9_2.x86_64.rpm | Linux
(RHSA-2023:4331) Moderate: security, bug fix, and enhancement update nodejs-debugsource-16.20.1-1.el9_2.i686.rpm | Linux
(RHSA-2023:4331) Moderate: security, bug fix, and enhancement update nodejs-debugsource-16.20.1-1.el9_2.x86_64.rpm | Linux
(RHSA-2023:4331) Moderate: security, bug fix, and enhancement update nodejs-docs-16.20.1-1.el9_2.noarch.rpm | Linux
(RHSA-2023:4331) Moderate: security, bug fix, and enhancement update nodejs-full-i18n-16.20.1-1.el9_2.x86_64.rpm | Linux
(RHSA-2023:4331) Moderate: security, bug fix, and enhancement update nodejs-libs-16.20.1-1.el9_2.i686.rpm | Linux
(RHSA-2023:4331) Moderate: security, bug fix, and enhancement update nodejs-libs-16.20.1-1.el9_2.x86_64.rpm | Linux
(RHSA-2023:4331) Moderate: security, bug fix, and enhancement update nodejs-libs-debuginfo-16.20.1-1.el9_2.i686.rpm | Linux
(RHSA-2023:4331) Moderate: security, bug fix, and enhancement update nodejs-libs-debuginfo-16.20.1-1.el9_2.x86_64.rpm | Linux
(RHSA-2023:4331) Moderate: security, bug fix, and enhancement update npm-8.19.4-1.16.20.1.1.el9_2.x86_64.rpm | Linux
nodejs:16 security, bug fix, and enhancement update (RLSA-2023:4537) nodejs-nodemon-2.0.20-3.module+el8.7.0+1178+d52dba78.noarch.rpm | Linux
nodejs:16 security, bug fix, and enhancement update (RLSA-2023:4537) nodejs-packaging-25-1.module+el8.7.0+1108+49363b0d.noarch.rpm | Linux
Nodejs update (ELSA-2023-4330) nodejs-18.16.1-1.module+el9.2.0+21133+486db26c.x86_64.rpm | Linux
Nodejs-devel update (ELSA-2023-4330) nodejs-devel-18.16.1-1.module+el9.2.0+21133+486db26c.x86_64.rpm | Linux
Nodejs-docs update (ELSA-2023-4330) nodejs-docs-18.16.1-1.module+el9.2.0+21133+486db26c.noarch.rpm | Linux
Nodejs-full-i18n update (ELSA-2023-4330) nodejs-full-i18n-18.16.1-1.module+el9.2.0+21133+486db26c.x86_64.rpm | Linux
Nodejs-nodemon update (ELSA-2023-4330) nodejs-nodemon-2.0.20-2.module+el9.2.0+21038+115df6a2.noarch.rpm | Linux
Nodejs-packaging update (ELSA-2023-4330) nodejs-packaging-2021.06-4.module+el9.1.0+20762+f52d7401.noarch.rpm | Linux
Nodejs-packaging-bundler update (ELSA-2023-4330) nodejs-packaging-bundler-2021.06-4.module+el9.1.0+20762+f52d7401.noarch.rpm | Linux
Npm update (ELSA-2023-4330) npm-9.5.1-1.18.16.1.1.module+el9.2.0+21133+486db26c.x86_64.rpm | Linux
Nodejs update (ELSA-2023-4331) nodejs-16.20.1-1.el9_2.x86_64.rpm | Linux
Nodejs-docs update (ELSA-2023-4331) nodejs-docs-16.20.1-1.el9_2.noarch.rpm | Linux
Nodejs-full-i18n update (ELSA-2023-4331) nodejs-full-i18n-16.20.1-1.el9_2.x86_64.rpm | Linux
Nodejs-libs update (ELSA-2023-4331) nodejs-libs-16.20.1-1.el9_2.i686.rpm | Linux
Nodejs-libs update (ELSA-2023-4331) nodejs-libs-16.20.1-1.el9_2.x86_64.rpm | Linux
Npm update (ELSA-2023-4331) npm-8.19.4-1.16.20.1.1.el9_2.x86_64.rpm | Linux
nodejs:18 security, bug fix, and enhancement update (RLSA-2023:4536) nodejs-docs-18.16.1-1.module+el8.8.0+1413+a47876c7.noarch.rpm | Linux
nodejs:18 security, bug fix, and enhancement update (RLSA-2023:4536) nodejs-nodemon-2.0.20-2.module+el8.7.0+1177+510ae886.noarch.rpm | Linux
nodejs:18 security, bug fix, and enhancement update (RLSA-2023:4536) nodejs-packaging-2021.06-4.module+el8.7.0+1072+5b168780.noarch.rpm | Linux
nodejs:18 security, bug fix, and enhancement update (RLSA-2023:4536) nodejs-packaging-bundler-2021.06-4.module+el8.7.0+1072+5b168780.noarch.rpm | Linux
(RHSA-2023:4330) Moderate: security, bug fix, and enhancement update nodejs-18.16.1-1.module+el9.2.0.z+19424+78951f07.x86_64.rpm | Linux
(RHSA-2023:4330) Moderate: security, bug fix, and enhancement update nodejs-debuginfo-18.16.1-1.module+el9.2.0.z+19424+78951f07.x86_64.rpm | Linux
(RHSA-2023:4330) Moderate: security, bug fix, and enhancement update nodejs-debugsource-18.16.1-1.module+el9.2.0.z+19424+78951f07.x86_64.rpm | Linux
(RHSA-2023:4330) Moderate: security, bug fix, and enhancement update nodejs-devel-18.16.1-1.module+el9.2.0.z+19424+78951f07.x86_64.rpm | Linux
(RHSA-2023:4330) Moderate: security, bug fix, and enhancement update nodejs-docs-18.16.1-1.module+el9.2.0.z+19424+78951f07.noarch.rpm | Linux
(RHSA-2023:4330) Moderate: security, bug fix, and enhancement update nodejs-full-i18n-18.16.1-1.module+el9.2.0.z+19424+78951f07.x86_64.rpm | Linux
(RHSA-2023:4330) Moderate: security, bug fix, and enhancement update nodejs-nodemon-2.0.20-2.module+el9.2.0.z+18497+a402347c.noarch.rpm | Linux
(RHSA-2023:4330) Moderate: security, bug fix, and enhancement update nodejs-packaging-2021.06-4.module+el9.1.0+15718+e52ec601.noarch.rpm | Linux
(RHSA-2023:4330) Moderate: security, bug fix, and enhancement update nodejs-packaging-bundler-2021.06-4.module+el9.1.0+15718+e52ec601.noarch.rpm | Linux
(RHSA-2023:4330) Moderate: security, bug fix, and enhancement update npm-9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07.x86_64.rpm | Linux
nodejs security update (DSA-5589-1) nodejs_18.19.0+dfsg-6~deb12u1_amd64.deb | Linux
nodejs security update (DSA-5589-1) nodejs_18.19.0+dfsg-6~deb12u1_i386.deb | Linux
nodejs:18 security, bug fix, and enhancement update (RLSA-2023:4536) npm-9.5.1-1.18.16.1.1.module+el8.8.0+1413+a47876c7.x86_64.rpm | Linux
nodejs:18 security, bug fix, and enhancement update (RLSA-2023:4536) nodejs-18.16.1-1.module+el8.8.0+1413+a47876c7.x86_64.rpm | Linux
nodejs:18 security, bug fix, and enhancement update (RLSA-2023:4536) nodejs-devel-18.16.1-1.module+el8.8.0+1413+a47876c7.x86_64.rpm | Linux
nodejs:18 security, bug fix, and enhancement update (RLSA-2023:4536) nodejs-full-i18n-18.16.1-1.module+el8.8.0+1413+a47876c7.x86_64.rpm | Linux
An open-source, cross-platform JavaScript runtime environment. (USN-6735-1) libnode-dev_10.19.0~dfsg-3ubuntu1.6_amd64.deb | Linux
An open-source, cross-platform JavaScript runtime environment. (USN-6735-1) libnode-dev_12.22.9~dfsg-1ubuntu3.5_amd64.deb | Linux
An open-source, cross-platform JavaScript runtime environment. (USN-6735-1) libnode-dev_18.13.0+dfsg1-1ubuntu2.2_amd64.deb | Linux
An open-source, cross-platform JavaScript runtime environment. (USN-6735-1) libnode108_18.13.0+dfsg1-1ubuntu2.2_amd64.deb | Linux
An open-source, cross-platform JavaScript runtime environment. (USN-6735-1) libnode64_10.19.0~dfsg-3ubuntu1.6_amd64.deb | Linux
An open-source, cross-platform JavaScript runtime environment. (USN-6735-1) libnode72_12.22.9~dfsg-1ubuntu3.5_amd64.deb | Linux
An open-source, cross-platform JavaScript runtime environment. (USN-6735-1) nodejs_10.19.0~dfsg-3ubuntu1.6_amd64.deb | Linux
An open-source, cross-platform JavaScript runtime environment. (USN-6735-1) nodejs_12.22.9~dfsg-1ubuntu3.5_amd64.deb | Linux
An open-source, cross-platform JavaScript runtime environment. (USN-6735-1) nodejs_18.13.0+dfsg1-1ubuntu2.2_amd64.deb | Linux
An open-source, cross-platform JavaScript runtime environment. (USN-6735-1) nodejs-doc_10.19.0~dfsg-3ubuntu1.6_all.deb | Linux
An open-source, cross-platform JavaScript runtime environment. (USN-6735-1) nodejs-doc_12.22.9~dfsg-1ubuntu3.5_all.deb | Linux
An open-source, cross-platform JavaScript runtime environment. (USN-6735-1) nodejs-doc_18.13.0+dfsg1-1ubuntu2.2_all.deb | Linux
Npm update (ELSA-2025-8514) npm-10.8.2-1.20.19.2.1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux
Nodejs-packaging-bundler update (ELSA-2025-8514) nodejs-packaging-bundler-2021.06-4.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux
Nodejs-packaging update (ELSA-2025-8514) nodejs-packaging-2021.06-4.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux
Nodejs-nodemon update (ELSA-2025-8514) nodejs-nodemon-3.0.1-1.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux
Nodejs-full-i18n update (ELSA-2025-8514) nodejs-full-i18n-20.19.2-1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux
Nodejs-docs update (ELSA-2025-8514) nodejs-docs-20.19.2-1.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux
Nodejs-devel update (ELSA-2025-8514) nodejs-devel-20.19.2-1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux
Nodejs update (ELSA-2025-8514) nodejs-20.19.2-1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-331257 | Node.js 16 (x64) (16.20.1)
PATCH-331256 | Node.js 16 (16.20.1)
PATCH-331763 | Node.js 18 (x64) (18.17.0)
PATCH-331762 | Node.js 18 (18.17.0)
PATCH-319042 | Node.js 10 (10.24.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234