Details of VAR-202210-0043

ID

VAR-202210-0043

CVE

CVE-2022-35256

TITLE

Node.js Foundation of Node.js in products from other multiple vendors HTTP Request Smuggling Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-022575

DESCRIPTION

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling. Node.js Foundation of Node.js For products from other vendors, HTTP There is a vulnerability related to request smuggling.Information may be obtained and information may be tampered with. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: rh-nodejs14-nodejs security update Advisory ID: RHSA-2022:7044-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2022:7044 Issue date: 2022-10-19 CVE Names: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2021-44906 CVE-2022-21824 CVE-2022-35256 ==================================================================== 1. Summary: An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531) * nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532) * nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533) * minimist: prototype pollution (CVE-2021-44906) * nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256) * nodejs: Prototype pollution via console.table properties (CVE-2022-21824) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2040839 - CVE-2021-44531 nodejs: Improper handling of URI Subject Alternative Names 2040846 - CVE-2021-44532 nodejs: Certificate Verification Bypass via String Injection 2040856 - CVE-2021-44533 nodejs: Incorrect handling of certificate subject and issuer fields 2040862 - CVE-2022-21824 nodejs: Prototype pollution via console.table properties 2066009 - CVE-2021-44906 minimist: prototype pollution 2130518 - CVE-2022-35256 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-nodejs14-nodejs-14.20.1-2.el7.src.rpm noarch: rh-nodejs14-nodejs-docs-14.20.1-2.el7.noarch.rpm ppc64le: rh-nodejs14-nodejs-14.20.1-2.el7.ppc64le.rpm rh-nodejs14-nodejs-debuginfo-14.20.1-2.el7.ppc64le.rpm rh-nodejs14-nodejs-devel-14.20.1-2.el7.ppc64le.rpm rh-nodejs14-npm-6.14.17-14.20.1.2.el7.ppc64le.rpm s390x: rh-nodejs14-nodejs-14.20.1-2.el7.s390x.rpm rh-nodejs14-nodejs-debuginfo-14.20.1-2.el7.s390x.rpm rh-nodejs14-nodejs-devel-14.20.1-2.el7.s390x.rpm rh-nodejs14-npm-6.14.17-14.20.1.2.el7.s390x.rpm x86_64: rh-nodejs14-nodejs-14.20.1-2.el7.x86_64.rpm rh-nodejs14-nodejs-debuginfo-14.20.1-2.el7.x86_64.rpm rh-nodejs14-nodejs-devel-14.20.1-2.el7.x86_64.rpm rh-nodejs14-npm-6.14.17-14.20.1.2.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-nodejs14-nodejs-14.20.1-2.el7.src.rpm noarch: rh-nodejs14-nodejs-docs-14.20.1-2.el7.noarch.rpm x86_64: rh-nodejs14-nodejs-14.20.1-2.el7.x86_64.rpm rh-nodejs14-nodejs-debuginfo-14.20.1-2.el7.x86_64.rpm rh-nodejs14-nodejs-devel-14.20.1-2.el7.x86_64.rpm rh-nodejs14-npm-6.14.17-14.20.1.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-44531 https://access.redhat.com/security/cve/CVE-2021-44532 https://access.redhat.com/security/cve/CVE-2021-44533 https://access.redhat.com/security/cve/CVE-2021-44906 https://access.redhat.com/security/cve/CVE-2022-21824 https://access.redhat.com/security/cve/CVE-2022-35256 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY1Bkk9zjgjWX9erEAQh9DQ//dSOPbtnYD3f9AvLUnQpnJb7OyGisGpPW von8hNiTCD5J3FP2DlY3/wGX9H1g2BXmuwpojS/sh17E2+sHldBTMk5kxT8bkBkB ZWnmIwqA1PfjAO4FEc7MtePJXsqCrBne63Bpo7k3ALc4hHtP2BEMkjA4ZOJJDl82 ydj74PPr0uVuZAn0jcLKsIPq1OmUW9jNuzY0p5uqhXKVP4XfFWfpi2dd34Nej+dv RbSABk5jZ0R6bQlPOdG4bI8vevvmhkeAqkcWgHWBZ9n34SFdiGKFdxUI3+SM2zvl tB7zuDc9rsLnF7DLZq3HVG3eOVdxJ1MKwap89iQrmQCy1kz4iq3hZbAKJHIjLTEy gWpwYI9nCamIsNwYB1pUM5RexkKTPKDRttZh9hff2RO9QCvdnecw3386blkhsb8s XJMAywflJeBrTnMPQ9tSNx60CgGI8JkU40RtnfwwS5yS1upd56jYbL+W4CzbZmzd bj48/l+fl3Ny0bGZ6QAG0ZWrH0eTs6hL/xYKFu2Z7jDteP9ITE1kSKeISjE/G0Rb Hjjp6sfEiR07PEJx2/Lne+o5JvCGu7wviT2SnJIfjX9C056CtO4IjRXEqdPqZqYq 3+T1AOLM1M2vu55WagYhnTtfGefIj5EScstARXZjz5pF0dQyhNZNO+p/S0coNUWz y4v1DFKlYtA=JvnP -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 9) - aarch64, noarch, ppc64le, s390x, x86_64 3. The following packages have been upgraded to a later upstream version: nodejs (16.18.1), nodejs-nodemon (2.0.20). Bug Fix(es): * nodejs: Packaged version of undici does not fit with declared version. [rhel-9] (BZ#2151627) 4

Trust: 2.25

sources: NVD: CVE-2022-35256 // JVNDB: JVNDB-2022-022575 // VULMON: CVE-2022-35256 // PACKETSTORM: 168757 // PACKETSTORM: 169437 // PACKETSTORM: 170658 // PACKETSTORM: 169781 // PACKETSTORM: 171839 // PACKETSTORM: 171666

AFFECTED PRODUCTS

vendor:	nodejs	model:	node.js	scope:	gte	version:	14.15.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lte	version:	16.12.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	18.9.1	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	14.20.1	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	siemens	model:	sinec ins	scope:	eq	version:	1.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	16.13.0	Trust: 1.0
vendor:	siemens	model:	sinec ins	scope:	lt	version:	1.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lte	version:	14.14.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	llhttp	model:	llhttp	scope:	lt	version:	6.0.10	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	18.0.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	16.17.1	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	16.0.0	Trust: 1.0
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	node js	model:	node.js	scope:	-	version:	-	Trust: 0.8
vendor:	llhttp	model:	llhttp	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sinec ins	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-022575 // NVD: CVE-2022-35256

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-35256
value:	MEDIUM
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2022-35256
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-35256
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202210-1266
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-35256
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.5
version:	3.1
Trust: 2.0
NVD:	CVE-2022-35256
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-022575 // CNNVD: CNNVD-202210-1266 // NVD: CVE-2022-35256 // NVD: CVE-2022-35256

PROBLEMTYPE DATA

problemtype:	CWE-444	Trust: 1.0
problemtype:	HTTP Request Smuggling (CWE-444) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-022575 // NVD: CVE-2022-35256

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-1266

TYPE

environmental issue

Trust: 0.6

sources: CNNVD: CNNVD-202210-1266

PATCH

title:	Node.js Remediation measures for environmental problem vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=219729	Trust: 0.6
title:	Red Hat:	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-35256	Trust: 0.1

sources: VULMON: CVE-2022-35256 // CNNVD: CNNVD-202210-1266

EXTERNAL IDS

db:	NVD	id:	CVE-2022-35256	Trust: 3.9
db:	HACKERONE	id:	1675191	Trust: 2.4
db:	SIEMENS	id:	SSA-332410	Trust: 2.4
db:	ICS CERT	id:	ICSA-23-017-03	Trust: 0.8
db:	JVN	id:	JVNVU90782730	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-022575	Trust: 0.8
db:	PACKETSTORM	id:	169437	Trust: 0.7
db:	PACKETSTORM	id:	169781	Trust: 0.7
db:	PACKETSTORM	id:	170727	Trust: 0.6
db:	PACKETSTORM	id:	169408	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.6632	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.1926	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.5146	Trust: 0.6
db:	CNNVD	id:	CNNVD-202210-1266	Trust: 0.6
db:	VULMON	id:	CVE-2022-35256	Trust: 0.1
db:	PACKETSTORM	id:	168757	Trust: 0.1
db:	PACKETSTORM	id:	170658	Trust: 0.1
db:	PACKETSTORM	id:	171839	Trust: 0.1
db:	PACKETSTORM	id:	171666	Trust: 0.1

sources: VULMON: CVE-2022-35256 // PACKETSTORM: 168757 // PACKETSTORM: 169437 // PACKETSTORM: 170658 // PACKETSTORM: 169781 // PACKETSTORM: 171839 // PACKETSTORM: 171666 // JVNDB: JVNDB-2022-022575 // CNNVD: CNNVD-202210-1266 // NVD: CVE-2022-35256

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf	Trust: 2.4
url:	https://hackerone.com/reports/1675191	Trust: 2.4
url:	https://www.debian.org/security/2023/dsa-5326	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-35256	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu90782730/	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-017-03	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2022-35256	Trust: 0.7
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.6
url:	https://bugzilla.redhat.com/):	Trust: 0.6
url:	https://access.redhat.com/security/team/key/	Trust: 0.6
url:	https://access.redhat.com/articles/11258	Trust: 0.6
url:	https://access.redhat.com/security/team/contact/	Trust: 0.6
url:	https://packetstormsecurity.com/files/170727/debian-security-advisory-5326-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/169408/red-hat-security-advisory-2022-6963-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.1926	Trust: 0.6
url:	https://packetstormsecurity.com/files/169781/red-hat-security-advisory-2022-7830-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5146	Trust: 0.6
url:	https://packetstormsecurity.com/files/169437/red-hat-security-advisory-2022-7044-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.6632	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-35256/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44906	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-44906	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44532	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21824	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-44533	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44531	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-44531	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-44532	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-21824	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44533	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-43548	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-3517	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3517	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-43548	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2023-23918	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-35065	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-35065	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24999	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-24999	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-38900	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-4904	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2023-23920	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25881	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-4904	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-25881	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-38900	Trust: 0.2
url:	https://access.redhat.com/errata/rhsa-2022:6964	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-35255	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-35255	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:7044	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2023:0321	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:7830	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0235	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2023:1742	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0235	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2023:1533	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2023-23918	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2023-23920	Trust: 0.1

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 168757 // PACKETSTORM: 169437 // PACKETSTORM: 170658 // PACKETSTORM: 169781 // PACKETSTORM: 171839 // PACKETSTORM: 171666

SOURCES

db:	VULMON	id:	CVE-2022-35256
db:	PACKETSTORM	id:	168757
db:	PACKETSTORM	id:	169437
db:	PACKETSTORM	id:	170658
db:	PACKETSTORM	id:	169781
db:	PACKETSTORM	id:	171839
db:	PACKETSTORM	id:	171666
db:	JVNDB	id:	JVNDB-2022-022575
db:	CNNVD	id:	CNNVD-202210-1266
db:	NVD	id:	CVE-2022-35256

LAST UPDATE DATE

2025-08-12T22:35:56.243000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-022575	date:	2023-11-17T08:21:00
db:	CNNVD	id:	CNNVD-202210-1266	date:	2023-04-04T00:00:00
db:	NVD	id:	CVE-2022-35256	date:	2025-04-24T14:15:32.277

SOURCES RELEASE DATE

db:	PACKETSTORM	id:	168757	date:	2022-10-18T14:27:29
db:	PACKETSTORM	id:	169437	date:	2022-10-20T14:20:24
db:	PACKETSTORM	id:	170658	date:	2023-01-24T16:29:02
db:	PACKETSTORM	id:	169781	date:	2022-11-08T13:50:47
db:	PACKETSTORM	id:	171839	date:	2023-04-12T16:57:08
db:	PACKETSTORM	id:	171666	date:	2023-04-03T17:32:27
db:	JVNDB	id:	JVNDB-2022-022575	date:	2023-11-17T00:00:00
db:	CNNVD	id:	CNNVD-202210-1266	date:	2022-10-18T00:00:00
db:	NVD	id:	CVE-2022-35256	date:	2022-12-05T22:15:10.570