Updated: 2025-08-20 03:13:15.896928
Description:
Node.js versions that bundle an unpatched version of OpenSSL, or that run against a dynamically linked version of OpenSSL that is unpatched, are vulnerable to the Marvin Attack (https://people.redhat.com/~hkario/marvin/) if PKCS #1 v1.5 padding is allowed when performing RSA decryption using a private key.
| Links | NIST | CIRCL | RHEL | Ubuntu |

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | MEDIUM | 5.9 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | nodejs | 16.20.2 | 5.9 | MEDIUM | Released | CLSA-2025:1756932817 | 2025-09-04 02:29:37 | |
| TuxCare 9.6 ESU | nodejs | 16.20.2 | 5.9 | MEDIUM | Released | CLSA-2026:1770717358 | 2026-02-10 13:41:54 | |