Improper Certificate Validation Affecting node Open this link in a new tab package, versions [12.0.0,12.15.0) [13.0.0,13.8.0) [10.0.0,10.19.0)
Proof of concept
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
6 Feb 2020
6 Feb 2020
How to fix?
node to version 12.15.0, 13.8.0, 10.19.0 or higher.
Affected versions of this package are vulnerable to Improper Certificate Validation. It is possible to trigger an assertion on a TLS server with a malformed certificate string.
X509V3_EXT_print can return value different from 1 if the X509 extension does not support printing to a buffer. Instead of failing with an unrecoverable assertion. This vulnerability can be exploited by a user that can remotely connect to a TLS server and supply an invalid certificate, causing the server to crash. As such, this vulnerability could result in a denial-of-service vulnerability.