Vulnerability Report

CVE-2023-30590

Title: Nodejs Node.Js

Other

Proof Of Concept

No public PoC currently indexed for CVE-2023-30590.

CWE Category NVD-CWE-noinfo

Published Date Nov 28, 2023

Modified Date Nov 04, 2025

Exploit Status Not Found

Score 7.5 CVSS v3.1

Exploit Probability (EPSS)

0.95%

Vulnerability Summary

CVE-2023-30590: The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: "Generates private and public Diffie-Hellman key values". The documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs as the DiffieHellman may be used as the basis for application-level security, implications are consequently broad.

Impacted Vendors

nodejs 1

joyent 1

Reference Links

https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html https://nodejs.org/en/blog/vulnerability/june-2023-security-releases https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html https://nodejs.org/en/blog/vulnerability/june-2023-security-releases https://security.netapp.com/advisory/ntap-20241101-0011/

CVSS v3.1

Source Entity [email protected]

Severity HIGH

7.5

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2023-30590 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

November 04, 2025 MODIFIED

Vulnerability data or affected products updated.

November 28, 2023 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector NETWORK

Complexity LOW

Privileges N/A

Interaction NONE

CVSS Vector String


                                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Stack

No specific products linked.