Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-32223

Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability.

Published

2022-07-14T15:15:08.487

Last Modified

2024-11-21T07:05:57.453

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.3 (HIGH)

Weaknesses

Type: Secondary
CWE-427
Type: Primary
CWE-427

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nodejs	node.js	≤ 14.14.0	Yes
Application	nodejs	node.js	< 14.20.0	Yes
Application	nodejs	node.js	≤ 16.12.0	Yes
Application	nodejs	node.js	< 16.16.0	Yes
Application	nodejs	node.js	< 18.0.5	Yes
Operating System	microsoft	windows	-	No

References

https://hackerone.com/reports/1447455 Permissions Required ([email protected])
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/ Patch, Vendor Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20220915-0001/ Third Party Advisory ([email protected])
https://hackerone.com/reports/1447455 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/ Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20220915-0001/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)