{"id":"CVE-2019-15604","details":"Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate","modified":"2026-02-24T11:31:59.814215Z","published":"2020-02-07T15:15:11.180Z","related":["ALSA-2020:0579","ALSA-2020:0598","MGASA-2020-0372","SUSE-SU-2020:0427-1","SUSE-SU-2020:0429-1","SUSE-SU-2020:0454-1","SUSE-SU-2020:0455-1","SUSE-SU-2020:0488-1","openSUSE-SU-2020:0293-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0573"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0579"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0597"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0598"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0602"},{"type":"ADVISORY","url":"https://hackerone.com/reports/746733"},{"type":"ADVISORY","url":"https://nodejs.org/en/blog/release/v10.19.0/"},{"type":"ADVISORY","url":"https://nodejs.org/en/blog/release/v12.15.0/"},{"type":"ADVISORY","url":"https://nodejs.org/en/blog/release/v13.8.0/"},{"type":"ADVISORY","url":"https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-48"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200221-0004/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4669"},{"type":"ADVISORY","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"FIX","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html"},{"type":"EVIDENCE","url":"https://hackerone.com/reports/746733"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/checkstyle/checkstyle","events":[{"introduced":"0"},{"fixed":"d4a3cc700f90afd44e062da7b4d42ec5c48ef8ad"}]}],"versions":["bcel","checkstyle-10.0","checkstyle-10.1","checkstyle-10.10.0","checkstyle-10.11.0","checkstyle-10.12.0","checkstyle-10.12.1","checkstyle-10.12.2","checkstyle-10.12.3","checkstyle-10.12.4","checkstyle-10.12.5","checkstyle-10.12.6","checkstyle-10.12.7","checkstyle-10.13.0","checkstyle-10.14.0","checkstyle-10.14.1","checkstyle-10.14.2","checkstyle-10.15.0","checkstyle-10.16.0","checkstyle-10.17.0","checkstyle-10.18.0","checkstyle-10.18.1","checkstyle-10.18.2","checkstyle-10.2","checkstyle-10.3","checkstyle-10.3.1","checkstyle-10.3.2","checkstyle-10.3.3","checkstyle-10.3.4","checkstyle-10.4","checkstyle-10.5.0","checkstyle-10.6.0","checkstyle-10.7.0","checkstyle-10.8.0","checkstyle-10.8.1","checkstyle-10.9.0","checkstyle-10.9.1","checkstyle-10.9.2","checkstyle-10.9.3","checkstyle-4.4","checkstyle-5.2","checkstyle-5.3","checkstyle-5.4","checkstyle-5.5","checkstyle-5.6","checkstyle-5.7","checkstyle-5.8","checkstyle-5.9","checkstyle-6.0","checkstyle-6.1","checkstyle-6.1.1","checkstyle-6.10","checkstyle-6.10.1","checkstyle-6.11","checkstyle-6.11.1","checkstyle-6.11.2","checkstyle-6.12","checkstyle-6.12.1","checkstyle-6.13","checkstyle-6.14","checkstyle-6.14.1","checkstyle-6.15","checkstyle-6.16","checkstyle-6.16.1","checkstyle-6.17","checkstyle-6.18","checkstyle-6.19","checkstyle-6.2","checkstyle-6.3","checkstyle-6.4","checkstyle-6.4.1","checkstyle-6.5","checkstyle-6.6","checkstyle-6.7","checkstyle-6.8","checkstyle-6.8.1","checkstyle-6.9","checkstyle-7.0","checkstyle-7.1","checkstyle-7.1.1","checkstyle-7.1.2","checkstyle-7.2","checkstyle-7.3","checkstyle-7.4","checkstyle-7.5","checkstyle-7.5.1","checkstyle-7.6","checkstyle-7.6.1","checkstyle-7.7","checkstyle-7.8","checkstyle-7.8.1","checkstyle-7.8.2","checkstyle-8.0","checkstyle-8.1","checkstyle-8.10","checkstyle-8.10.1","checkstyle-8.11","checkstyle-8.12","checkstyle-8.13","checkstyle-8.14","checkstyle-8.15","checkstyle-8.16","checkstyle-8.17","checkstyle-8.18","checkstyle-8.19","checkstyle-8.2","checkstyle-8.20","checkstyle-8.21","checkstyle-8.22","checkstyle-8.23","checkstyle-8.24","checkstyle-8.25","checkstyle-8.26","checkstyle-8.27","checkstyle-8.28","checkstyle-8.29","checkstyle-8.3","checkstyle-8.30","checkstyle-8.31","checkstyle-8.32","checkstyle-8.33","checkstyle-8.34","checkstyle-8.35","checkstyle-8.36","checkstyle-8.36.1","checkstyle-8.36.2","checkstyle-8.37","checkstyle-8.38","checkstyle-8.39","checkstyle-8.4","checkstyle-8.40","checkstyle-8.41","checkstyle-8.41.1","checkstyle-8.42","checkstyle-8.43","checkstyle-8.44","checkstyle-8.45","checkstyle-8.45.1","checkstyle-8.5","checkstyle-8.6","checkstyle-8.7","checkstyle-8.8","checkstyle-8.9","checkstyle-9.0","checkstyle-9.0.1","checkstyle-9.1","checkstyle-9.2","checkstyle-9.2.1","checkstyle-9.3","release1_1","release1_2","release1_3","release1_4","release2_0","release2_2","release2_4","release3_0","release3_1","release3_2","release3_3","release3_4","release4_0","release4_0_beta_1","release4_0_beta_2","release4_0_beta_3","release4_0_beta_4","release4_0_beta_5","release4_1","release4_2","release4_3","release4_4","release5_3","release5_4","release5_5","release5_6","release5_7","v2-branch_lmp"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15604.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/nodejs/node","events":[{"introduced":"111e59b0bcbd364d6f16722ace6dd035e23df2cc"},{"fixed":"6558cfc0b075adfffe0d8c87bbe0d3e0b9326ab5"},{"introduced":"2f45ad8060e13d5ac912335096d21526f2f9602b"},{"fixed":"31d3b6d9cbf6f533e7990fa1b7f82976bc384c64"},{"introduced":"cf41627411886000429bde058a6594fb7f6d6d47"},{"fixed":"5ba7df3c4b81ab695029dacf34a0aa960be71372"}]}],"versions":["v10.0.0","v10.1.0","v10.10.0","v10.11.0","v10.12.0","v10.13.0","v10.14.0","v10.14.1","v10.14.2","v10.15.0","v10.15.1","v10.15.2","v10.15.3","v10.16.0","v10.16.1","v10.16.2","v10.16.3","v10.17.0","v10.18.0","v10.18.1","v10.2.0","v10.2.1","v10.3.0","v10.4.0","v10.4.1","v10.5.0","v10.6.0","v10.7.0","v10.8.0","v10.9.0","v12.0.0","v12.1.0","v12.10.0","v12.11.0","v12.11.1","v12.12.0","v12.13.0","v12.13.1","v12.14.0","v12.14.1","v12.2.0","v12.3.0","v12.3.1","v12.4.0","v12.5.0","v12.6.0","v12.7.0","v12.8.0","v12.8.1","v12.9.0","v12.9.1","v13.0.0","v13.0.1","v13.1.0","v13.2.0","v13.3.0","v13.4.0","v13.5.0","v13.6.0","v13.7.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15604.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}