CVE Vulnerability

CVE-2022-32223

Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:Program FilesCommon FilesSSLopenssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability.

7.3 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/ Patch Vendor Advisory
https://hackerone.com/reports/1447455 Permissions Required
https://security.netapp.com/advisory/ntap-20220915-0001/ Third Party Advisory
Configurations

Configuration 1
Information

Published : 2022-07-14 03:15

Updated : 2022-10-28 06:29

NVD link : CVE-2022-32223

Mitre link : CVE-2022-32223

Products Affected
No products.
CWE
CWE-427