Bug 1201328 (CVE-2022-32212) - VUL-0: CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses
Summary: VUL-0: CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addr...
Status: RESOLVED FIXED
Alias: CVE-2022-32212
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Adam Majer
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/336535/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-32212:7.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2022-07-08 10:27 UTC by Carlos López
Modified: 2024-05-30 18:52 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos López 2022-07-08 10:27:12 UTC 
CVE-2022-32212

The IsAllowedHost check can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided (for instance 10.0.2.555 is provided), browsers (such as Firefox) will make DNS requests to the DNS server, providing a vector for an attacker-controlled DNS server or a MITM who can spoof DNS responses to perform a rebinding attack and hence connect to the WebSocket debugger, allowing for arbitrary code execution. This is a bypass of CVE-2021-22884.

More details will be available at CVE-2022-32212 after publication.

Thank you to Axel Chong for reporting this vulnerability.

Impacts:

All versions of the 18.x, 16.x, and 14.x releases lines.

https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
Comment 1 Carlos López 2022-07-11 07:28:19 UTC 
This affects nodejs6 and newer.

Upstream commit:
https://github.com/nodejs/node/commit/1aa5036c31ac2a9b2a2528af454675ad412f1464
Comment 4 Swamp Workflow Management 2022-07-15 19:17:11 UTC 
SUSE-SU-2022:2415-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1192489,1201325,1201326,1201327,1201328
CVE References: CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Web Scripting 12 (src):    nodejs16-16.16.0-8.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Swamp Workflow Management 2022-07-15 19:18:01 UTC 
SUSE-SU-2022:2416-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1201325,1201326,1201327,1201328
CVE References: CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Web Scripting 12 (src):    nodejs14-14.20.0-6.31.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2022-07-15 19:22:56 UTC 
SUSE-SU-2022:2417-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1201099,1201325,1201326,1201327,1201328
CVE References: CVE-2022-2097,CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Web Scripting 12 (src):    nodejs12-12.22.12-1.51.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2022-07-18 10:24:18 UTC 
SUSE-SU-2022:2425-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1201325,1201326,1201327,1201328
CVE References: CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    nodejs14-14.20.0-150200.15.34.1
openSUSE Leap 15.3 (src):    nodejs14-14.20.0-150200.15.34.1
SUSE Manager Server 4.1 (src):    nodejs14-14.20.0-150200.15.34.1
SUSE Manager Retail Branch Server 4.1 (src):    nodejs14-14.20.0-150200.15.34.1
SUSE Manager Proxy 4.1 (src):    nodejs14-14.20.0-150200.15.34.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    nodejs14-14.20.0-150200.15.34.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    nodejs14-14.20.0-150200.15.34.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    nodejs14-14.20.0-150200.15.34.1
SUSE Linux Enterprise Module for Web Scripting 15-SP3 (src):    nodejs14-14.20.0-150200.15.34.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    nodejs14-14.20.0-150200.15.34.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    nodejs14-14.20.0-150200.15.34.1
SUSE Enterprise Storage 7 (src):    nodejs14-14.20.0-150200.15.34.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2022-07-18 19:16:59 UTC 
SUSE-SU-2022:2430-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1201325,1201326,1201327,1201328
CVE References: CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    nodejs12-12.22.12-150200.4.35.1
openSUSE Leap 15.3 (src):    nodejs12-12.22.12-150200.4.35.1
SUSE Manager Server 4.1 (src):    nodejs12-12.22.12-150200.4.35.1
SUSE Manager Retail Branch Server 4.1 (src):    nodejs12-12.22.12-150200.4.35.1
SUSE Manager Proxy 4.1 (src):    nodejs12-12.22.12-150200.4.35.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    nodejs12-12.22.12-150200.4.35.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    nodejs12-12.22.12-150200.4.35.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    nodejs12-12.22.12-150200.4.35.1
SUSE Linux Enterprise Module for Web Scripting 15-SP3 (src):    nodejs12-12.22.12-150200.4.35.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    nodejs12-12.22.12-150200.4.35.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    nodejs12-12.22.12-150200.4.35.1
SUSE Enterprise Storage 7 (src):    nodejs12-12.22.12-150200.4.35.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2022-07-21 16:20:38 UTC 
SUSE-SU-2022:2491-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1201325,1201326,1201327,1201328
CVE References: CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    nodejs16-16.16.0-150400.3.3.2
SUSE Linux Enterprise Module for Web Scripting 15-SP4 (src):    nodejs16-16.16.0-150400.3.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2022-07-26 16:25:17 UTC 
SUSE-SU-2022:2551-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1192489,1201325,1201326,1201327,1201328
CVE References: CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    nodejs16-16.16.0-150300.7.6.2
SUSE Linux Enterprise Module for Web Scripting 15-SP3 (src):    nodejs16-16.16.0-150300.7.6.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2022-08-19 19:22:31 UTC 
SUSE-SU-2022:2855-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1188917,1189368,1191601,1191602,1201325,1201326,1201327,1201328
CVE References: CVE-2021-22930,CVE-2021-22940,CVE-2021-22959,CVE-2021-22960,CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    nodejs10-10.24.1-150000.1.47.1
openSUSE Leap 15.3 (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Manager Server 4.1 (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Manager Retail Branch Server 4.1 (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Manager Proxy 4.1 (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise Server for SAP 15 (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise Server 15-LTSS (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Enterprise Storage 7 (src):    nodejs10-10.24.1-150000.1.47.1
SUSE Enterprise Storage 6 (src):    nodejs10-10.24.1-150000.1.47.1
SUSE CaaS Platform 4.0 (src):    nodejs10-10.24.1-150000.1.47.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Swamp Workflow Management 2023-02-14 17:25:51 UTC 
SUSE-SU-2023:0408-1: An update that solves 7 vulnerabilities, contains two features and has three fixes is now available.

Category: security (moderate)
Bug References: 1200303,1201325,1201326,1201327,1201328,1203831,1203832,1205042,1205119,1205236
CVE References: CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215,CVE-2022-35255,CVE-2022-35256,CVE-2022-43548
JIRA References: PED-2097,PED-3192
Sources used:
SUSE Linux Enterprise Module for Web Scripting 12 (src):    nodejs18-18.13.0-8.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Swamp Workflow Management 2023-02-15 14:29:03 UTC 
SUSE-SU-2023:0419-1: An update that solves 7 vulnerabilities, contains two features and has three fixes is now available.

Category: security (moderate)
Bug References: 1200303,1201325,1201326,1201327,1201328,1203831,1203832,1205042,1205119,1205236
CVE References: CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215,CVE-2022-35255,CVE-2022-35256,CVE-2022-43548
JIRA References: PED-2097,PED-3192
Sources used:
openSUSE Leap 15.5 (src):    nodejs18-18.13.0-150400.9.3.1
openSUSE Leap 15.4 (src):    nodejs18-18.13.0-150400.9.3.1
SUSE Linux Enterprise Module for Web Scripting 15-SP4 (src):    nodejs18-18.13.0-150400.9.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 20 Carlos López 2024-05-30 18:52:28 UTC 
Done, closing.