DLL Hijacking Vulnerability in Node.js on Windows Platforms
CVE-2022-32223

7.3 HIGH

Key Information:

Vendor: Nodejs

Status
Vendor
CVE Published: 14 July 2022

Badges

👾 Exploit Exists 🟡 Public PoC

What is CVE-2022-32223?

Node.js is affected by a DLL Hijacking vulnerability on Windows platforms that occurs under specific conditions when OpenSSL is installed. The vulnerability can be exploited if the configuration file openssl.cnf is located at C:\Program Files\Common Files\SSL\. When these conditions are met, the node.exe process searches for the providers.dll file in the current user directory. If an attacker places a malicious version of providers.dll in a location that is searched by the DLL Search Order mechanism in Windows, they can potentially execute harmful actions within the context of the affected application.
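A defender-side audit of the conditions described above, as an added example (not code from the Node.js project or from this advisory): it checks whether openssl.cnf exists at the path named above and reports any providers.dll found in directories a node.exe process may search. The function name and the set of directories scanned (node.exe's folder, the current directory, the user profile, PATH entries) are assumptions made for illustration.

```powershell
# Added example: audit a Windows host for the CVE-2022-32223 preconditions.
# Assumption: the directories scanned below approximate the DLL search path
# for node.exe; adjust them for how Node.js is launched in your environment.
function Test-ProvidersDllExposure {
    [CmdletBinding()]
    param(
        # Configuration path and DLL name are taken from the advisory text.
        [string]$OpenSslConfig = 'C:\Program Files\Common Files\SSL\openssl.cnf',
        [string]$DllName = 'providers.dll'
    )

    $configPresent = Test-Path -LiteralPath $OpenSslConfig -PathType Leaf

    # Candidate directories: node.exe's folder, current directory,
    # the user's profile, and every PATH entry.
    $dirs = @()
    $node = Get-Command node.exe -ErrorAction SilentlyContinue
    if ($node) { $dirs += Split-Path -Parent $node.Source }
    $dirs += (Get-Location).Path
    $dirs += $env:USERPROFILE
    $dirs += $env:Path -split ';'
    $dirs = $dirs | Where-Object { $_ } |
        ForEach-Object { $_.Trim('"').TrimEnd('\') } | Sort-Object -Unique

    $findings = foreach ($dir in $dirs) {
        $candidate = [System.IO.Path]::Combine($dir, $DllName)
        if (Test-Path -LiteralPath $candidate -PathType Leaf) {
            $sig = Get-AuthenticodeSignature -LiteralPath $candidate
            [pscustomobject]@{
                Path            = $candidate
                SignatureStatus = $sig.Status
                Signer          = $sig.SignerCertificate.Subject
                Owner           = (Get-Acl -LiteralPath $candidate).Owner
                LastWriteTime   = (Get-Item -LiteralPath $candidate).LastWriteTime
            }
        }
    }

    [pscustomobject]@{
        OpenSslConfigPresent = $configPresent
        NodePath             = if ($node) { $node.Source } else { $null }
        ProvidersDllFound    = @($findings)
    }
}

$result = Test-ProvidersDllExposure
$result | Format-List OpenSslConfigPresent, NodePath
$result.ProvidersDllFound | Format-Table -AutoSize
```

A providers.dll that is unsigned or owned by a non-administrative account on a host where `OpenSslConfigPresent` is true is the combination to investigate first.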

Affected Version(s)

Node 4.0 < 4.*

Node 5.0 < 5.*

Node 6.0 < 6.*

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
