Development / Security

Node.js Fixes High-Risk Data Confidentiality Flaw

12 Dec 2017 9:48am, by

The Node.js core community released new security updates Friday for all of its supported branches in order to fix three vulnerabilities, including a high-risk one that could affect data confidentiality and integrity.

The vulnerability stems from how Node.js’ HTTP2 and TLS modules interact with the underlying OpenSSL library. The Node.js flaw, which is tracked as CVE-2017-15896, is a direct consequence of a vulnerability (CVE-2017-3737) patched last week in OpenSSL.

The OpenSSL developers assigned a moderate-severity level for that vulnerability and described it as such:

“OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an ‘error state’ mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer.”

The OpenSSL developers explained that in order for the flaw to be exploitable, an application that uses the library would need to have a bug of its own that would result in a call to SSL_read() or SSL_write() being issued after receiving a fatal handshake error.

This was the case with Node.js and “the result was that an active network attacker could send application data to Node.js using the TLS or HTTP/2 modules in a way that bypassed TLS authentication and encryption,” the Node.js developers warned in an advisory.

If left unpatched, the flaw can have a serious impact on a Node.js application’s data confidentiality and integrity, so users should upgrade as soon as possible to the newly released Node v9.2.1 (Current), Node v8.9.3 (LTS), Node v6.12.2 (LTS) or Node v4.8.7 (Maintenance), depending on which release branch they use.

It’s also worth mentioning that the flaw does not affect Node.js’ HTTP and HTTPS modules — only HTTP2 and TLS — and that the new Node builds integrate the OpenSSL 1.0.2n version released last week as a dependency of the TLS module.

OpenSSL 1.0.2n also contains a fix for a low-severity overflow bug in the AVX2 Montgomery multiplication procedure that only affects certain CPUs like Intel 4th generation (Haswell) that support the AVX2 but not ADX extensions.

Finally, the Node.js updates for the 8.x and 9.x branches also address an uninitialized buffer vulnerability tracked as CVE-2017-15897 that can lead to information disclosure. The impact of this flaw is considered low because a combination of coding errors need to be made by the user in order for it to be exploitable.

Feature image via Pixabay.

A newsletter digest of the week’s most important stories & analyses.