摘要:
Node.js made calls to EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. However, it does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail.Impacts:All versions of the 18.x and 16.x release lines.
安全等级: Low
公告ID: KylinSec-SA-2022-2525
发布日期: 2022年10月24日
关联CVE: CVE-2022-35255
Node.js made calls to EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. However, it does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail.Impacts:All versions of the 18.x and 16.x release lines.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2022-35255 | KY3.4-4A | nodejs | Unaffected |
| CVE-2022-35255 | KY3.4-5 | nodejs | Unaffected |
| CVE-2022-35255 | KY3.5.1 | nodejs | Unaffected |
