What is CVE-2021-44532?

CVE-2021-44532 is a vulnerability in Nodejs Node, classified under Improper Following of a Certificate's Chain of Trust. Published 2022-02-24.

Is CVE-2021-44532 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Nodejs Node

CVE-2021-44532

Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject…

EPSS: 0.001 (32.4th percentile) — read the EPSS interpretation.

Affected products

Nodejs Node — versions 4.0, 5.0, 6.0

Weakness classification (CWE)

CWE-296 — Improper Following of a Certificate's Chain of Trust

Public proof-of-concept exploits

References

hackerone.com/reports/1429694 (x_refsource_MISC)
nodejs.org/en/blog/vulnerability/jan-2022-security-releases/ (x_refsource_MISC)
www.oracle.com/security-alerts/cpuapr2022.html (x_refsource_MISC)
security.netapp.com/advisory/ntap-20220325-0007/ (x_refsource_CONFIRM)
DSA-5170 (vendor-advisory, x_refsource_DEBIAN)
www.oracle.com/security-alerts/cpujul2022.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-44532?: CVE-2021-44532 is a vulnerability in Nodejs Node, classified under Improper Following of a Certificate's Chain of Trust. Published 2022-02-24.
Is CVE-2021-44532 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.