{"id":"UBUNTU-CVE-2021-44533","details":"Node.js \u003c 12.22.9, \u003c 14.18.3, \u003c 16.13.2, and \u003c 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification. Affected versions of Node.js do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.","modified":"2026-04-22T15:00:29.266341Z","published":"2022-02-24T19:15:00Z","upstream":["CVE-2021-44533"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-44533"},{"type":"REPORT","url":"https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#incorrect-handling-of-certificate-subject-and-issuer-fields-medium-cve-2021-44533"},{"type":"REPORT","url":"https://github.com/nodejs/node/commit/8c2db2c86baff110a1d905ed1e0dd4e1c4fd2dd1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2021-44533"}],"affected":[{"package":{"name":"nodejs","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/nodejs@10.19.0~dfsg-3ubuntu1.6+esm2?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["10.15.2~dfsg-2ubuntu1","10.17.0~dfsg-2ubuntu4","10.17.0~dfsg-2ubuntu6","10.19.0~dfsg-3ubuntu1","10.19.0~dfsg-3ubuntu1.1","10.19.0~dfsg-3ubuntu1.2","10.19.0~dfsg-3ubuntu1.3","10.19.0~dfsg-3ubuntu1.5","10.19.0~dfsg-3ubuntu1.6","10.19.0~dfsg-3ubuntu1.6+esm2"],"ecosystem_specific":{"binaries":[{"binary_name":"libnode64","binary_version":"10.19.0~dfsg-3ubuntu1.6+esm2"},{"binary_name":"nodejs","binary_version":"10.19.0~dfsg-3ubuntu1.6+esm2"}]},"database_specific":{"source":"https://github.com/c
anonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-44533.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]}